NewsAlertshttp://www.cic-idtheft.com/en/RSS/NewsAlerts.aspxIDT911 News Alertsen{F0F6C17C-F312-4A99-BADC-A62342EF75C8}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40049037.aspxBreached Uber Credentials for Sale for As Low As $1 In Underground Market<p>After the Uber&nbsp;data breach, cybercriminals&nbsp;have allegedly put the stolen Uber driver information on black markets, <a href="http://motherboard.vice.com/read/stolen-uber-customer-accounts-are-for-sale-on-the-dark-web-for-1">according to Motherboard</a>. The tech website claimed it has verified the sale of information taken from Uber during a data breach.&nbsp;</p><p>The Uber data breach has the potential to affect a total of 50,000 drivers, exposing their names and license numbers,&nbsp;<a href="http://time.com/3726992/uber-data-breach/" target="_blank">Time magazine reported</a>. The information exposed during the breach could put drivers at risk for identity theft.&nbsp;</p><p>After a data breach, hackers may sell hundreds or thousands of consumer records in underground marketplaces to identity thieves or other criminals.</p><p>A similar incident happened after the Target data breach that exposed the financial information of 40 million people and the personal data of 70 million customers.&nbsp;</p><p>Since the data breach at Uber, sellers on&nbsp;the black market said they have thousands of user logins, available either in a bulk listing or per driver record.</p><p>A vendor on the market called ThinkingForward&nbsp;claimed the Uber account information is valid and&nbsp;the accounts sold for $5 each with discounts on bulk purchases. Other sellers are pricing logins even lower at&nbsp;$1 per Uber username and password.</p><p>Uber&nbsp;struck down reports that the black market listings of Uber driver information came from its servers, <a href="http://www.theguardian.com/technology/2015/mar/30/uber-denies-security-breach-logins-for-sale-dark-web">The Guardian reported</a>. The company also denied that the breach happened after saying it&nbsp;performed an investigation and found no evidence of the hack.&nbsp;</p><p>&quot;Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report,&quot; an Uber spokesperson said in a statement.</p><p>Former Uber users&nbsp;whose credentials were exposed in the breach confirmed that their information was for sale in underground markets.&nbsp;</p><p>James Allan, sales director for tech solutions firm&nbsp;OISG, told Motherboard he was surprised to see his information and that his username and password displayed on the site were correct.</p>Tue, 31 Mar 2015 00:00:00 -0700{ED401407-6CB7-46D2-BF15-5C54C8E97302}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40048368.aspxData Breach Could Deter Young Patients from Health Care Providers<p>A data breach at&nbsp;their health care provider could make patients uneasy and even cause them to leave&nbsp;for a different hospital or doctor, according to a survey by TransUnion Healthcare. The survey found almost 7 in 10 respondents said they would avoid health care providers they know had suffered a data breach. Of the respondents who answered, younger consumers were more likely to switch health care providers, as 73 percent of patients 18 to 34 years old said they would leave a breached company.&nbsp;</p><p>Data breaches in the health care industry are becoming more common as cybercriminals aim to steal medical and financial information that could be used for fraud.&nbsp;</p><p>The implications of a medical data breach are huge. Not only could patients be at risk for medical identity theft, health care providers are at risk for lawsuits from affected consumers and states.&nbsp;</p><p>Health insurer Anthem has been named the defendant in several lawsuits after a data breach of millions of patients&#39; information. Recently, St. Louis County filed a lawsuit against Anthem because&nbsp;the data theft impacted a significant number of St. Louis residents, <a href="http://stlouis.cbslocal.com/2015/03/27/st-louis-county-files-class-action-lawsuit-against-anthem-bcbs/" target="_blank">CBS affiliate KMOX&nbsp;reported</a>.&nbsp;</p><p><strong>Future of Health Care in Jeopardy</strong><br />
The future of the health care industry could be at risk&nbsp;if health care providers do not strengthen their security. President of TransUnion Healthcare Gerry McCarthy said&nbsp;older consumers would probably stay with their existing doctors, but this isn&#39;t the case for millennials. Since there are more millennial patients in recent years, health care providers will have to improve their data security.</p><p>&quot;With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers,&quot; McCarthy said in a statement.</p>Fri, 27 Mar 2015 00:00:00 -0700{1FA4969E-497C-4767-9236-E3F4A8CAE943}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40048090.aspxThree-Fourths of Companies Unable to Detect Data Breaches Immediately<p>A survey of mid- to large-sized organizations found 3 of 4 respondents would not be able to find a data breach until sometime after it had occurred,&nbsp;<a href="http://www.csoonline.com/article/2902252/data-breach/survey-75-of-firms-would-take-hours-or-longer-to-spot-breach.html" target="_blank">CSO Online reported</a>.&nbsp;</p><p>The&nbsp;Osterman Research survey results illustrate a major problem many companies have regarding data breach detection.&nbsp;Of these respondents, nearly 4 in 10 respondents&nbsp;said&nbsp;it would take days, weeks or more to detect the data breach. Since firms may not discover data breaches until weeks or even months after cybercriminals&nbsp;began their attacks, sensitive information like corporate data or consumer payment records could be exposed in the meantime.</p><p>&quot;That&#39;s not even remediation, or stopping the exfiltration,&quot; said Kevin Epstein, vice president of advanced security and governance for Proofpoint, which commissioned the survey. &quot;That&#39;s just realizing that the remediation is happening. And given how fast data can be moved these days, that&#39;s the crown jewels leaving the company. There&#39;s a hole in the bucket and data is flowing out of it.&quot;</p><p>Not only were respondents less likely to find a data breach until well after it happened, they were also not ready to handle these incidents. The survey indicated the majority of survey takers said they were either well-prepared or prepared for data breaches. However, 18 percent said they were only somewhat prepared and 14 percent said they were not adequately prepared.</p><p>A previous survey by FireEye&#39;s Mandiant&nbsp;division found 2014 saw&nbsp;a downward trend in the number of days it took companies to realize&nbsp;there was a breach,&nbsp;<a href="http://www.eweek.com/security/breach-detection-time-is-dropping-fireeye-finds.html" target="_blank">eWeek reported</a>.</p><p>Although the time between the breach occurring and its discovery is dwindling, a major part of this is due to the increased involvement of law enforcement and third-party IT firms in alerting companies.</p><p>&quot;The result of the FBI&#39;s efforts has led to increasing numbers of victim notifications,&quot; Mandiant&nbsp;Technical Director Ryan Kazanciyan&nbsp;told eWeek.</p>Thu, 26 Mar 2015 00:00:00 -0700{18B689D0-CB25-4AC7-805B-9EBA40DFBB50}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40047526.aspxKreditech Customer Info Exposed, May Be An Employee-Related Breach<p>Startup lender Kreditech is looking into a data breach potentially caused by a malicious insider that may have affected sensitive client information,&nbsp;<a href="http://krebsonsecurity.com/2015/03/kreditech-investigates-insider-breach/">KrebsOnSecurity reported</a>.&nbsp;</p><p>The company&#39;s business model involves big data, using 20,000 &quot;dynamic data points&quot; to provide services for people even without credit scores, including electronic banking and money transfers.&nbsp;</p><p>Kreditech&#39;s&nbsp;subsidiaries have a presence in nine countries and offer credit to millions of customers. The startup has drawn attention from not only investors, but also hackers because of its success in raising money.&nbsp;</p><p>In January,&nbsp;Kreditech&nbsp;obtained a credit line worth $200 million, which will go toward growing its business to lend money to consumers with no or poor credit,&nbsp;<a href="http://techcrunch.com/2015/01/22/kreditech-gets-200m-credit-line-to-fuel-its-big-data-based-consumer-lending-business/" target="_blank">TechCrunch&nbsp;reported</a>.&nbsp;</p><p>The hacker group A4&nbsp;claimed that while the company received millions of dollars in investments, Kreditech&nbsp;did not use it to strengthen security of its customers&#39; data, as the group claimed it gained easy access to sensitive data.&nbsp;</p><p>&quot;All data to which the group А4 got access will be put online in open access although its curb price is rather considerable,&quot; the hacker collective said, according to&nbsp;KrebsOnSecurity.</p><p><strong>Response from Company</strong><br />
An investigation into the breach will include law enforcement authorities in Hamburg, Germany, where the company is based.&nbsp;</p><p>Anna Friedrich, Kreditech head of communications, said that hackers were not able to access customer data.&nbsp;Friedrich said the information may have been exposed by someone who was either a current or former employee of the company.</p><p>&quot;This incident stemmed from a form on our Web site that was stored data in a caching system that deleted data every few days,&quot; said Friedrich, according to KrebsOnSecurity. &quot;What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share. &quot;</p>Wed, 25 Mar 2015 00:00:00 -0700{4AD66F38-44EA-4BB3-B307-8048C632B041}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40047519.aspxMultistate Investigation into LifeWise, Premera Data Breaches Continues<p>A cyberattack&nbsp;against LifeWise Health Plan may have affected 250,000 residents in Oregon, <a href="http://www.statesmanjournal.com/story/news/health/2015/03/25/oregon-investigate-lifewise-data-breach/70416824/" target="_blank">Statesman Journal reported</a>. The attack on LifeWise Health Plan of Oregon is likely not the only incident that affected patients around the country&nbsp;served by the same company. Along with Oregon, Washington and Alaska will help with the investigation into the hack after those states were affected by the LifeWise data breach.&nbsp;</p><p>&quot;Oregon will be looking at how LifeWise learned about the breach, what process they used to identify affected consumers, and the adequacy of the consumer protections offered to those affected,&quot;&nbsp;Laura Cali, Oregon insurance commissioner, said in a statement.</p><p>The investigators may look into the connection between the&nbsp;LifeWise&nbsp;hack and the data breach at Premera Blue Cross, which is the parent firm of&nbsp;LifeWise Health Plan of Oregon.</p><p>The Premera Blue Cross data breach exposed the information of 11 million patient records,&nbsp;<a href="http://www.idt911.com/KnowledgeCenter/NewsAlerts/NewsAlertDetail.aspx?a=%7BF660EAC6-4DF5-4AAA-91B8-C65D0B2728B3%7D" target="_blank">IDT911&nbsp;reported</a>. The attack primarily affected Washington state residents and exposed both medical and financial information.</p><p><strong>Data Breach Exposes Personal Information</strong><br />
To investigate the cause of the breach, LifeWise worked with a third-party IT security firm. The data compromised includes names, dates of birth, Social Security numbers and even bank account information, according to a statement by&nbsp;LifeWise.</p><p>The attack on LifeWise&nbsp;occurred on May 5, 2014, and the company did not know about the hack until Jan. 29 this year, the company said.&nbsp;</p><p>&quot;Along with steps we took to cleanse our IT system of issues raised by this cyberattack, LifeWise is taking additional actions to strengthen and enhance the security of our IT systems moving forward,&quot; the company said in a statement.</p><p>Lifewise said the information affected may have not been removed from its systems or that the data was misused.</p><p>With millions of patients in several states affected by data breaches, health care firms may need to&nbsp;increase their security to ensure similar incidents do not happen.&nbsp;</p>Wed, 25 Mar 2015 00:00:00 -0700{3E979B1C-241B-40A1-80AA-1CE533BC4718}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40046842.aspxBipartisan Bill Tries to Strike Balance Between Privacy Protection and Ed Tech Use<p>A bipartisan bill introduced in&nbsp;Congress could curb privacy protection concerns regarding confidential student data collected by the education technology industry, <a href="http://www.nytimes.com/2015/03/23/technology/bill-would-limit-use-of-student-data.html?_r=0">The New York Times reported</a>.</p><p>Parents, teachers and other education professionals have raised questions regarding how education tech companies gather, analyze and use data. Some critics claim that the firms improperly use this personal information for marketing purposes. Others are also worried about the amount of data collected by firms and whether it is secure from cyberattacks and data breaches.</p><p>Since young students have a blank slate on their credit histories, cybercriminals may target databases full of student information to steal victims&#39; identities and open new lines of credit.&nbsp;Those&nbsp;affected may not know they had their personal details taken until after they apply for a loan or credit card.&nbsp;</p><p>While there are concerns, lawmakers agree the tools and innovations provided by tech firms are useful for the national education system. The bill spearheaded by Democratic Rep.&nbsp;Jared S. Polis from Colorado and Republican Rep.&nbsp;Luke Messer from Indiana aim to have education tech firms work with parents and educators to better serve students.</p><p>&quot;The world of big data has hit the classroom,&quot; Messer said, according to the Times. &quot;We want to preserve the positive benefits the technology can bring to student outcomes.&quot;</p><p>To guard student information, education companies could improve not only privacy protection, but also data security.&nbsp;</p><p>In February, the Privacy Technical Assistance Center of the&nbsp;U.S. Department of Education&nbsp;released a guidance document for school systems to protect student privacy protection, <a href="http://www.ed.gov/news/press-releases/department-releases-new-guidance-protecting-student-privacy-while-using-online-educational-services" target="_blank">according to a release</a>.&nbsp;</p><p>&quot;We must provide our schools, teachers and students cutting-edge learning tools - and we must protect our children&#39;s privacy,&quot; said U.S. Secretary of Education Arne Duncan. &quot;We can accomplish both - but we will have to try harder to do it.&quot;</p>Mon, 23 Mar 2015 00:00:00 -0700{1AF2CBBB-F1E5-4AA8-8F33-034F6A40E3A6}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40046506.aspxIRS Enlists Help from Tax Preparation Industry to Fight Identity Theft, Tax Fraud<p>The IRS met with big players in the tax preparation industry, including tax software firms, to come up with a plan to stop tax fraud, <a href="http://blogs.wsj.com/totalreturn/2015/03/19/the-irs-tackles-tax-id-fraud/" target="_blank">The Wall Street Journal reported</a>. Since&nbsp;these companies and individual tax preparer organizations are involved in helping taxpayers file their taxes, they are on the front lines when it comes to fighting against identity theft.&nbsp;</p><p>Tax fraud linked to identity theft is a major headache for the agency as the IRS gave out $5.8 billion after receiving fake tax returns last year, the Journal reported. As scammers strive to steal thousands or even millions of dollars from victims by taking their personal and financial information, the schemers likely see these crimes as easy money.</p><p>Scammers use sophisticated and simple techniques to steal information and money from taxpayers, including exploiting misinformation about the Affordable Care Act. Recently, the IRS raised the alarm on another new tax fraud scheme after some tax preparers have claimed that taxpayers should give them money for penalties related to the ACA if some people are uninsured, <a href="http://www.consumerreports.org/cro/news/2015/03/new-tax-fraud-obamacare-penalty-payments/index.htm" target="_blank">according to ConsumerReports.org</a>.</p><p>Lack of security and threat information is a significant problem as state tax agencies and tax preparation firms have noted that it is hard to align cybersecurity policies with the IRS.&nbsp;</p><p>While the threat of tax fraud grows, lawmakers are urging the IRS to strengthen its data security, <a href="http://www.gao.gov/products/GAO-15-337" target="_blank">according to the U.S. Government Accountability Office</a>.&nbsp;</p><p>&quot;The agency had a comprehensive framework for its program, such as assessing risk for its systems, developing security plans, and providing employees with security awareness and specialized training,&quot; a&nbsp;GAO report said. &quot;However, aspects of its program were not yet effectively implemented.&quot;</p><p>Changes in improvements to taxpayer authentication and detecting fraud may not happen until next tax season, according to the Journal.</p><p>The agency plans to establish three groups to begin making recommendations for changes.&nbsp;</p>Fri, 20 Mar 2015 00:00:00 -0700{EFBA2657-0CCD-4A36-9E75-7BEE783ADD3F}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40046225.aspxRetailers Call for Strong Federal Data Breach Notification Law<p>Retailers are advocating for greater customer information protections by asking Congress to pass federal data breach notification legislation, according to a release by the National Retail Federation. The NRF said a strong data breach notification law on the federal level should hold&nbsp;entities that store personal and financial information accountable, from payment service providers to telecommunications companies.&nbsp;</p><p>&quot;Congress should not allow a federal breach notification law to suffer from &#39;notice holes&#39; - the situation where certain entities are exempt from publicly reporting known breaches of their own systems,&quot; said&nbsp;NRF Senior Vice President Mallory Duncan. &quot;If we want meaningful incentives to increase security, everyone needs to have skin in the game.&quot;</p><p>The call for improved data security and notification laws come after a spike in data breaches in the retail industry. Some of the biggest data breaches happened because of malware infections of point-of-sale terminals in retail stores. Cybercriminals often target retailers because they store valuable information, from customer names and email addresses to financial data like credit and debit card numbers.&nbsp;</p><p>A previous survey noted almost half of credit card holders were afraid of shopping in stores last holiday season because of the string of retail data breaches, <a href="http://www.creditcards.com/credit-card-news/shopping-after-breach.php" target="_blank">according to a survey by CreditCards.com</a>.&nbsp;</p><p>David Just, Cornell University professor of applied economics management and director of graduate studies, said people may avoid shops after they learn they experienced a data breach. About 45 percent of respondents said they would definitely or probably try not shopping at stores they shopped in the past during the holidays if the company had a data breach occur.</p><p>&quot;Your initial response is fear,&quot; Just said. &quot;You feel like you&#39;ve been violated. You don&#39;t know what&#39;s going to happen to your credit.&quot;</p><p>With the potential loss of revenue from data breaches, companies could more likely support comprehensive federal data breach notification laws.</p>Thu, 19 Mar 2015 00:00:00 -0700{F660EAC6-4DF5-4AAA-91B8-C65D0B2728B3}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40045826.aspxPremera Blue Cross Data Breach Exposes 11 Million Financial, Medical Records<p>A data breach at health insurance firm Premera Blue Cross potentially compromised 11 million medical and financial records, <a href="http://thirdcertainty.com/news-analysis/hackers-responsible-premera-anthem-breaches/" target="_blank">ThirdCertainty reported</a>. The source of the data breach was a cyberattack that occurred in May 2014. The majority of the Premera&nbsp;customers affected - an estimated 6 million - are located in Washington state.&nbsp;</p><p>Other entities also had their information accessed because they may have been affiliated with Premera or were connected through the same IT system,&nbsp;<a href="http://www.bizjournals.com/portland/blog/health-care-inc/2015/03/premera-data-breach-affected-oregons-lifewise.html">Portland Business Journal reported</a>. In addition to Washington, states across the U.S. were impacted by the breach, including Oregon. About 60,000 current and former customers of&nbsp;LifeWise Health Plan of Oregon had their information accessed.&nbsp;</p><p>Eric Earling, Premera vice president of corporate communications, noted the breach was the result of a sophisticated cyberattack.</p><p>&quot;They got access, but there&#39;s no evidence they removed information from the system,&quot; Earling said.&nbsp;</p><p>The company said a cyberattack may have exposed personal information including dates of birth and Social Security numbers. Additionally, clinic information and bank account data was improperly accessed. While the attack started in May 2014, customers with data as far back as 2002 may have been affected.&nbsp;</p><p>Some analysts are claiming the Premera breach is the biggest data breach of patient medical information so far,&nbsp;<a href="http://www.nytimes.com/2015/03/18/business/premera-blue-cross-says-data-breach-exposed-medical-data.html?_r=0" target="_blank">The New York Times reported</a>.</p><p>The health care industry is at greater risk for cyberattacks because victims could face medical identity theft, which puts their finances and health in danger.</p><p>Although Earling said the Anthem data breach that happened previously is not linked to the incident at&nbsp;Premera, some believe that hackers used similar methods in both cases through stealing credentials and installing malware,&nbsp;<a href="http://www.computerworld.com/article/2898419/data-breach/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html">Computerworld reported</a>.&nbsp;</p><p>Premera&nbsp;hired a third-party forensic investigation firm to look into the data breach. The company is also cooperating with the FBI.&nbsp;</p>Wed, 18 Mar 2015 00:00:00 -0700{2796605E-75AD-4977-9540-00491E4D570E}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40045561.aspxData Breached Records Surged to 1 Billion in 2014<p>The number of records breached in 2014 jumped 25 percent year over year to 1 billion, <a href="http://securityintelligence.com/cracksinthefoundation#.VQhjFmR4qQ0" target="_blank">according to IBM</a>. The firm noted that lack of privacy protection and vulnerabilities in security systems could have contributed to the surge in exposed records.</p><p>Major data breaches that increased the number of breached records include the incident at Sony Pictures Entertainment, where sensitive emails, movies and other information were improperly accessed.&nbsp;</p><p>With more information stored in the cloud, as well as through multiple databases, IT security professionals may have more difficulty with keeping track of security for various entry points into sensitive systems.</p><p>There are also fundamental issues that could result in compromised information, including not securing passwords properly or neglecting to change them often, which are important measures to protect data.&nbsp;</p><p>&quot;While general attack types remain consistent year to year, creative applications of these fundamental building blocks can vary greatly,&quot; Leslie&nbsp;Horacek, an X-Force threat response manager for IBM, wrote in a blog. &quot;Focusing on security fundamentals, such as password diligence, can provide a base level of protection that is invaluable.&quot;</p><p><strong>How IT Staff Can Take Action</strong><br />
Other steps companies can take to guard their information is to prepare IT teams for responses to incidents, <a href="http://www.esecurityplanet.com/network-security/10-tips-to-mitigate-data-breaches.html" target="_blank">according to eSecurity Planet</a>. In case a data breach occurs&nbsp;that could expose sensitive information, IT security staff should understand the procedures for data breach response and remediation.&nbsp;Jake Williams, Sans Institute&nbsp;certified instructor, recommended checklists for incident response. Additionally, IT employees should also be trained to handle cyberattacks and other causes of data compromises by being trained and performing drills.&nbsp;</p><p>&quot;The most effective training includes incident dry runs, often called sand table exercises, where incident responders and managers work through a mock incident,&quot; said Williams, according to eSecurity Planet.&nbsp;</p>Tue, 17 Mar 2015 00:00:00 -0700{550F4244-3E39-4223-A669-415548657AFC}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40045169.aspxMilitary Customers Targeted in Identity Theft Scam Run by Jeweler, Employees<p>A jewelry store owner and two of his employees at a location in San Diego committed identity theft after stealing the personal information of military members, <a href="http://www.nbcsandiego.com/news/local/Romanos-Jewelers-owner-employees-charged-with-identity-theft-296063031.html" target="_blank">NBC affiliate KNSD&nbsp;in San Diego reported</a>. The&nbsp;San Diego County District Attorney&#39;s Office charged the owner and workers with 14 counts of identity theft for the scam that lasted between 2010 and 2012.</p><p>During that time, the two employees stole financial information from military customers who were on active duty at the time. After taking this information, the perpetrators made unauthorized transactions on the victims&#39; store credit cards. A Marine was responsible for supplying the information necessary to make the charges. For his role in the scheme, the Marine was not charged&nbsp;on his jewelry store credit account and received money and jewelry.</p><p>Major John H. Schweitzer, a Marine judge advocate and who is&nbsp;with the U.S. Marine Corps Reserve, said it was the first kind of case he has seen in his career.</p><p>Military members may become victims of identity theft because they may not check their credit reports or bank statements while on active duty. To prevent identity theft, military members could establish an active duty alert on their credit reports, which acts similarly to a fraud alert, <a href="https://www.consumer.ftc.gov/articles/pdf-0016-military-identity-theft.pdf" target="_blank">according to the Federal Trade Commission</a>. By putting an active duty alert on their credit reports by calling one of the three credit reporting bureaus, creditors need to verify military members&#39; identities first before approving new credit.&nbsp;</p><p>The jewelry store owner and employees charged with identity theft could be sentenced as long as 12 years and four months in prison.&nbsp;</p><p>&quot;It is surprising and a relief to know that somebody on the outside taking advantage of military is actually being charged,&quot; said Major Schweitzer, according to KNSD. &quot;I&#39;ve never seen prosecution done through civilian criminal court system.&quot;</p>Mon, 16 Mar 2015 00:00:00 -0700{864FAEAB-0943-44ED-9592-E28F41F8E475}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40044816.aspxAlmost Half of Patients Fear Data Breaches, Identity Theft<p>A new survey on data privacy protection and security found almost half of patients are worried about data breaches, <a href="http://www.healthcare-informatics.com/news-item/survey-data-breaches-put-fear-patients?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+healthcare-informatics+%28Healthcare+Informatics%29" target="_blank">Healthcare Informatics reported</a>. The study by systems review firm <a href="http://www.softwareadvice.com/" target="_blank">Software Advice</a> discovered nearly 1 in 2 patients have concerns about identity theft and fraud.</p><p>The rise of data breaches may be leading to more cases of identity theft as hackers could abuse&nbsp;this stolen&nbsp;information to take advantage of victims&#39; access to medical services or&nbsp;file fake tax returns to steal refunds.&nbsp;</p><p>&quot;The results of our survey on patient fears indicate that much work must be done to restore patients&#39; faith in data security,&quot; the researchers concluded. &quot;Practices should strive to create an atmosphere where patients see promise instead of potential risk when it comes to the way healthcare data is handled.&quot;</p><p>In the past six weeks, there have been data breaches across the U.S. health care sector, either caused by cyberattacks, insider breaches or theft of physical equipment, <a href="http://www.beckershospitalreview.com/healthcare-information-technology/12-latest-data-breaches-3-12-15.html" target="_blank">Becker&#39;s Hospital Review reported</a>.&nbsp;</p><p>A cyberattack at St. Mary&#39;s in Evansville, Indiana, exposed almost 4,400 patient records while a data breach at State of Franklin Healthcare Associates in Johnson City, Tennessee, could have compromised payroll information.&nbsp;</p><p>Examples of data breaches caused by theft of equipment include the&nbsp;Aspire Indiana data breach, which was the result of theft of several laptops from the nonprofit&#39;s administrative offices.&nbsp;</p><p>Some patient records were also improperly disposed of, which could make personal information vulnerable to theft. Patients of Suburban Lung Associates&nbsp;possibly had their information exposed after files were found in a dumpster.&nbsp;Filefax, a Northbrook, Illinois-based, company responsible for handling hospital records, owned the dumpster. Now the state&#39;s attorney general is investigating the incident.&nbsp;</p><p>As health care providers look at their security, they should guard against a wide variety of data breach causes to fully protect patient information.&nbsp;</p>Fri, 13 Mar 2015 00:00:00 -0700{26EC3D39-39CA-4A79-8F81-14653CE34AD0}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40044495.aspxUniversity Data Breaches Result in Tax Fraud Identity Theft<p>The University of Pittsburgh Medical Center experienced a major data breach of employee information that could leave 62,000 workers vulnerable to tax fraud and identity theft, <a href="http://www.wtae.com/news/upmc-data-breach-affecting-some-employees-tax-returns/31742158" target="_blank">ABC affiliate WTAE&nbsp;in Pittsburgh reported</a>.&nbsp;</p><p>Federal authorities said some of the employees affected had their information misused by identity thieves to file fake tax returns. The IRS notified UPMC workers about the data breach and said they could have their tax returns delayed as the agency attempts to detect the fraud.</p><p>&quot;Although some staff may have their refunds delayed for several weeks by this process, it does provide an extra layer of protection against tax fraud,&quot;&nbsp;UPMC&nbsp;officials said in a written statement.</p><p>UPMC recommended employees use an&nbsp;Identity Protection Personal Identification Number to file their taxes to avoid having their tax returns delayed.&nbsp;<br />
<br />
With data breaches at universities potentially exposing workers&#39; personal information, impacted employees are at greater risk for tax fraud. Identity thieves who access workers&#39; personal details like dates of birth or Social Security numbers could attempt to file tax returns in their victims&#39; names.&nbsp;</p><p><strong>BSU Identity Theft Victims Claim Connection to Anthem</strong><br />
Recently, Ball State University stated at least 80 employees had their information stolen and used to file fraudulent tax returns, <a href="http://www.indystar.com/story/news/2015/03/10/ball-state-identity-theft-anthem/24734003/" target="_blank">Muncie Star Press reported</a>. Some affected workers believe the tax fraud cases are connected to the data breach at insurer Anthem. The victims include higher&nbsp;level BSU&nbsp;employees, including an associate vice president and dean.&nbsp;</p><p>Victims are concerned that the effects of identity theft could be potentially long-lasting.&nbsp;</p><p>&quot;As one agent of the credit bureaus stated, your Social Security number is out there forever, so the journey of protecting our family&#39;s identity looks like it will be a lifelong pursuit,&quot; Dan Byrnes, director of BSU sports facilities who was affected by the mass identity theft. &quot;That&#39;s scary.&quot;</p>Thu, 12 Mar 2015 00:00:00 -0700{95DFCE64-6ECE-4C1C-94DA-BB4DE35D1636}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40044197.aspxHackers Target Law Firms for Corporate Data<p>With the increase in cyberattacks across the private sector, law firms are also seeing a greater number of data breaches and hacking incidents, <a href="http://www.bloomberg.com/news/articles/2015-03-11/most-big-firms-have-had-some-form-of-hacking-business-of-law" target="_blank">Bloomberg reported</a>. U.S. law firms are likely targeted by cybercriminals because they store huge volumes of confidential data. IT security firm Digital Guardian claims the majority of the 100 largest law firms in the U.S. have experienced a data breach.&nbsp;</p><p>Harvey Rishikof, co-chair for the Cybersecurity Legal Task Force of the American Bar Association, said individual or government-backed hackers could go after data on deal negotiations and more. Since law firms often handle mergers and acquisitions, these organizations are more vulnerable to hacks to steal corporate information.&nbsp;</p><p>&quot;They&#39;re interested in mergers and acquisitions as well,&quot; Richard&nbsp;Bejtlich, chief security strategist of IT security firm FireEye, said in a statement. &quot;It&#39;s the way they conduct due diligence.&quot;</p><p>To take data from law firms, hackers could install malware into office computers. As law firms aim to protect information from hackers, they could improve their data security and guard against loopholes that could allow cybercriminals unauthorized access to data.&nbsp;</p><p>Some of the biggest errors companies can make with data security include operating databases in environments that seem secure, and loose access control, according to IT security firm&nbsp;Dataguise. Both of these mistakes could let cybercriminals&nbsp;log into databases or computer systems that contain sensitive information and steal data or install malware.</p><p>With these threats rising, law firms should also make sure their data is as secure as their clients and other private companies.&nbsp;</p><p>&quot;By understanding the specific location, count, and type of sensitive data in these sources, Dataguise discovery offers the only automated way to detect, protect, and audit sensitive data for breach risk reduction and to address regulatory and compliance mandates,&quot;&nbsp;Jeremy Stieglitz, Dataguise vice president of products, said in a statement.</p>Wed, 11 Mar 2015 00:00:00 -0700{9E3A00AC-929B-4BF6-A5B5-1E8FE6057628}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40043874.aspxPOS Vendor Reports Credit Card Breach<p>Point-of-sale systems provider NEXTEP Systems&nbsp;suffered a data breach that could have exposed payment card information,&nbsp;<a href="https://krebsonsecurity.com/2015/03/point-of-sale-vendor-nextep-probes-breach/" target="_blank">KrebsOnSecurity reported</a>. The company installed point-of-sale solutions primarily for&nbsp;food services companies.</p><p>Retailers and other companies have been increasingly targeted by&nbsp;cybercriminals. Now, cybercriminals&nbsp;may go after point-of-sale service providers because they could store&nbsp;potentially valuable debit or credit card information. After stealing this data, hackers could either copy card information onto new cards or sell it on the black market.&nbsp;</p><p>NEXTEP President Tommy Woycik said not all customers were effected by the credit card data breach, according to a statement in an email.&nbsp;</p><p>&quot;NEXTEP immediately launched an investigation in cooperation with law enforcement and data security experts we retained to determine the root cause and remediate the issue,&quot; Woycik said in the statement.</p><p><strong>Data Breaches and Payment Card Industry&nbsp;</strong><br />
The company said it is working with law enforcement authorities to investigate the breach. Woycik&nbsp;noted that the firm is unaware of the scope of the breach so far.&nbsp;</p><p>To steal a large volume of data, cybercriminals could also infect point-of-sale solutions with malware. This was the method employed in the Target data breach.</p><p>As companies aim to protect vulnerable systems like point-of-sale terminals in stores, they should ensure they guard against various threats, from malware to phishing, <a href="http://www.computerweekly.com/news/2240241980/Point-of-sale-supplier-compromise-highlights-need-to-update-legacy-systems">Computer Weekly reported</a>.&nbsp;</p><p>With cyberattacks on the rise, firms that accept debit or credit cards could also implement more secure payment systems that comply with industry cybersecurity standards. Payment companies are pushing for chip and PIN cards that may prevent cybercriminals from simply copying the card information.&nbsp;</p><p>&quot;It is a difficult job to secure POS devices - a long-term solution should be using the Europay, MasterCard and Visa [EMV] security standard on payment cards,&quot; said&nbsp;Sagie&nbsp;Dulce, IT security researcher with&nbsp;Imperva, according to Computer Weekly.</p>Tue, 10 Mar 2015 00:00:00 -0700{EBD1EBED-1318-4AD4-84B5-B10DBB799745}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40043518.aspx3 Men Indicted in Data Breach of 1 Billion Email Addresses<p>The U.S. Department of Justice charged three men in a massive data breach that exposed 1 billion email addresses, <a href="http://www.eweek.com/security/feds-charge-three-with-theft-of-1-billion-email-addresses.html" target="_blank">eWeek&nbsp;reported</a>. After stealing the email addresses and&nbsp;names consumers&nbsp;from several email service providers in the U.S., the group also engaged in money laundering. The three men operated the scheme from Vietnam, the Netherlands and Canada, stealing&nbsp;proprietary marketing data.</p><p>Typically, email service providers operate mass email lists for companies to send messages to their customers. These companies specialize in making sure their email campaigns are not marked as spam by email platforms, the Federal Bureau of Investigation&nbsp;noted. However, the cybercriminals used the popularity of these services to their advantage by stealing email addresses.&nbsp;</p><p>Acting U.S. Attorney John Horn said the data breach allowed the cybercriminals to take over email companies&#39; distribution systems to send bulk emails and generate millions of dollars from email traffic, <a href="http://www.fbi.gov/atlanta/press-releases/2015/indictment-unsealed-and-additional-defendant-charged-in-one-of-the-largest-reported-data-breaches-in-u.s.-history" target="_blank">according to a statement by the FBI</a>. One member of the group owned affiliate marketing websites with Marketbay.com and the extra email traffic allowed him to make money to gain sales commission.&nbsp;</p><p>The data breach lasted between&nbsp;February 2009 and June 2012. To steal 1 billion email addresses, the cybercriminals used various techniques from hacking into email service providers&#39; computer databases to implementing phishing scams to infect systems with malware. From&nbsp;May 2009 and October 2011, two members of the group were able to make&nbsp;$2 million.</p><p>&quot;Large scale and sophisticated international cyber hacking rings are becoming more problematic for both the law enforcement community that is faced with the challenges of identifying them and laying hands on them, but also the Fortune 500 companies that are so often their targets,&quot;&nbsp;J. Britt Johnson, special agent in charge for the FBI field office in Atlanta, said in a statement.</p>Mon, 09 Mar 2015 00:00:00 -0700{58134066-0DF5-4789-B342-4FFBEF5F84F3}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40043144.aspxMandarin Oriental Hotel Group Confirms Financial Data Breach<p>Mandarin Oriental Hotel Group confirmed it experienced a data breach of customer financial information, <a href="http://krebsonsecurity.com/2015/03/credit-card-breach-at-mandarian-oriental/" target="_blank">according to KrebsOnSecurity</a>. The hotel chain said it is investigating the breach to resolve the incident.&nbsp;</p><p>In a statement emailed to KrebsOnSecurity from Mandarin Oriental, the breach affected&nbsp;point-of-sale systems in hotels in the U.S. and Europe. The luxury hotel chain has locations throughout the U.S., including in Las Vegas, New York and Washington. The company has not revealed which hotels have been affected.</p><p>The company deleted the malware after finding the source of the breach. Point-of-sale systems have been a major entry point for cybercriminals in other significant data breaches in the retail industry last year.&nbsp;</p><p>Before the Mandarin confirmed the breach, sources in the financial industry said there was evidence that customer cards were used fraudulently.&nbsp;</p><p>&quot;Unfortunately incidents of this nature are increasingly becoming an industry-wide concern,&quot; the company said in an emailed statement. &quot;The group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.&quot;</p><p>The company said the breach could have happened a little before Christmas 2014.&nbsp;</p><p>As IT security firms look over the Mandarin data breach, they acknowledge that companies should not only maintain point-of-sale security but also do more to protect systems in case the Payment Card Industry (PCI) Data Security Standard is not enough,&nbsp;<a href="http://www.infosecurity-magazine.com/news/mandarin-oriental-data-breach/" target="_blank">Infosecurity Magazine reported</a>.&nbsp;</p><p>The increase in data breaches shows that simply implementing minimum security could still leave them vulnerable.&nbsp;</p><p>&quot;I have no doubt that officials at the luxury hotel chain will say their credit card systems were PCI compliant,&quot; Ulf Mattsson, chief technology officer at IT firm Protegrity, told Infosecurity Magazine. &quot;Unfortunately, they have just learned the hard way that compliance does not equal security.&quot;</p>Fri, 06 Mar 2015 00:00:00 -0700{8E4877C8-2182-43FF-A5AE-B92A92E4F049}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40042767.aspxBSU Employees Report Tax Fraud After Anthem Breach<p>After the Anthem data breach, some staff at Ball State University are concerned they have been victims of tax fraud identity theft, <a href="http://www.thestarpress.com/story/news/local/2015/03/03/scary-number-identity-thefts-bsu/24335861/" target="_blank">The Star Press reported</a>.&nbsp;</p><p>On Feb. 5, BSU Vice President for Business Affairs and Treasurer Bernard Hannon&nbsp;notified employees of the data hack&nbsp;on Anthem, which is the parent company of the university&#39;s&nbsp;third-party health insurance provider.&nbsp;</p><p>Hannon said BSU employees could have been affected, according to the university statement. In the letter, however, Anthem told the university that there was no evidence that showed BSU staff&#39;s personal information was compromised.</p><p>A month later, employees are reporting they may be victims of tax fraud, according to The Star Press.&nbsp;</p><p>Jennifer Palilonis, professor of multimedia at BSU, said her federal and state tax forms were rejected after someone else had used her information to file a tax return.</p><p>During the Anthem data, hackers stole personal information, including dates of birth and Social Security numbers, which are crucial details used for tax returns. In addition to this information, Anthem customers also had their member health ID numbers and even employment information accessed.&nbsp;</p><p>Aftermath of Anthem Data Breach<br />
​Palilonis&nbsp;said her family has been&nbsp;impacted as a result of the Anthem breach.&nbsp;</p><p>&quot;My identity has been stolen, my husband&#39;s identity has been stolen, and I think they have my kids&#39; Social Security numbers,&quot; said&nbsp;Palilonis.</p><p>Other employees told The Star Press they know of several other identity theft victims working at the university.&nbsp;<br />
<br />
After BSU received word of the reports of identity theft, the university said there is not indication there was a connection from the Anthem&nbsp;data breach and the tax fraud among staff.</p><p>&quot;We have received no information that would confirm the false tax filings are a result of the Anthem security breach,&quot; said Joan Todd, spokeswoman for BSU.</p>Thu, 05 Mar 2015 00:00:00 -0700{450DF9ED-B741-4CA6-AD91-4599D10A2E59}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40042478.aspxIRS Announces Top 10 Identity Theft Crimes Stealing Millions from the Government<p>The IRS is ramping up its initiative to prosecute identity thieves that perpetuate tax fraud cases, <a href="http://www.irs.gov/uac/Newsroom/IRS%E2%80%99s-Top-Ten-Identity-Theft-Prosecutions" target="_blank">according to a statement by the agency</a>. In an announcement on its top 10 identity theft cases, the IRS said bringing identity thieves to justice is a main priority. Tax fraud identity theft is a major problem for the agency as the number of cases is&nbsp;increasing and there is a high risk for consumers who become victims.&nbsp;</p><p>&quot;Identity theft is a crime that carries significant consequences, and these cases send a warning to criminals,&quot; Richard Weber, IRS-criminal investigation chief, said in a statement. &quot;Our top 10 cases represent the seriousness of these crimes and the magnitude of the consequences that will be faced by those who victimize honest taxpayers and steal from hard-working Americans.&quot;</p><p>Some of the cases in the top 10 involved scammers who operated entire crime rings designed to steal taxpayers&#39; tax returns. The No. &nbsp;3 crime on the list included a tax fraud scheme that operated in Dallas that attempted to steal millions of dollars in tax refunds. As part of their punishment, some of the thieves were sentenced up to 210 months in prison with one of them ordered to pay $15.9 million in restitution.</p><p>In another case, a tax preparer from New York stole identities to file almost 1,000 fake tax returns online. The tax preparer was found guilty of wire fraud, aggravated&nbsp;identity theft and other crimes.&nbsp;</p><p>The IRS also has to contend with tax fraud caused by its own employees. An IRS worker in Fresno, California, was recently indicted by a federal grand journey for alleged tax fraud crimes, <a href="http://www.fresnobee.com/2015/02/27/4401022/fresno-irs-employee-arrested-at.html" target="_blank">The Fresno Bee reported</a>. The worker who has been with the IRS for 20 years prepared and filed fake tax returns for herself and relatives as well as other people.&nbsp;</p>Wed, 04 Mar 2015 00:00:00 -0700{5D22A6E0-0904-4854-92CB-328781108877}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40041913.aspxHackers in Natural Grocers Payment Card Breach May Have Data on Black Market<p>Natural Grocers is investigating a potential data breach of its point-of-sale- systems that could have exposed customer payment&nbsp;information,&nbsp;<a href="http://krebsonsecurity.com/2015/03/natural-grocers-investigating-card-breach/" target="_blank">KrebsOnSecurity&nbsp;reported</a>.&nbsp;</p><p>KrebsOnSecurity said the sources from the financial sector pinpointed the origin of fraudulent credit and debit card transactions to&nbsp;Natural Grocers, a Colorado-based&nbsp;natural foods grocery chain. The company operates stores across the country, from Washington to Missouri.&nbsp;</p><p>To determine if the company experienced a breach of customer information, Natural Grocers is currently&nbsp;working with a third-party forensics firm and law enforcement authorities.&nbsp;</p><p>A source told&nbsp;KrebsOnSecurity the hackers infiltrated the firm&#39;s systems before Christmas 2014. After breaking in, the hackers then went after the company&#39;s internal networks and infected its point-of-sale network with malware.&nbsp;</p><p>The method of the cyberintrusion&nbsp;is very similar to the data breach at Target during the holiday season in 2013. In Target&#39;s case, the hackers stole login credentials from a third-party vendor of the company and then infected its payment systems with malware. The data breach of 40 million payment cards and 70 million personal information records caused by the company to spend $162 million in expenses in 2014, <a href="http://www.computerweekly.com/news/2240241478/US-retailer-Natural-Grocers-investigates-data-breach" target="_blank">Computer Weekly reported</a>.</p><p>Also similar to the Target case, the compromised&nbsp;Natural Grocers customer data might also be on sale in an online black market.</p><p>In response to the breach, the company said it will improve its point-of-sale systems in all stores. The new system will be compliant with the&nbsp;Payment Card Industry (PCI) Data Security Standard. The company said in a statement that it has not received evidence that customer data was used for fraud and no personal information was exposed.&nbsp;</p><p>&quot;The company is in the process of installing this new system at all 93 Natural Grocers stores in 15 states,&quot; Natural Grocers said in a statement, according to KrebsOnSecurity. &quot;The company takes data security very seriously and is committed to protecting its customers&#39; information. This is all the information the company is able to provide at this time, as the investigation into the incident is ongoing.&quot;</p>Tue, 03 Mar 2015 00:00:00 -0700{6642DDB1-5767-48B4-B80A-EF95F874D332}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40041919.aspxID Theft Soars to No. 1 Complaint in 2014<p>Identity theft was the No. 1 biggest consumer complaint in 2014 as thieves ramped up imposter scams and other schemes, <a href="http://www.ftc.gov/news-events/press-releases/2015/02/identity-theft-tops-ftcs-consumer-complaint-categories-again-2014" target="_blank">according to the U.S. Federal Trade Commission</a>. Identity theft complaints rose 13 percent in 2014 to reach almost 333,000.&nbsp;</p><p>The FTC noted that it received an all-time high number of complaints regarding imposter scams, which is when scammers mask themselves as government officials or other high-ranked persons. Imposters may pose as someone of authority in order to steal information to use for identity theft. Imposter scam complaints surged 11 percent to reach almost 277,000.&nbsp;</p><p>&quot;Whether it&#39;s pretending to be the IRS during tax season, or making false promises of a lottery win, scammers are increasingly sophisticated in their efforts to deceive consumers, but the FTC will continue working to shut these scammers down,&quot; the&nbsp;commission&nbsp;said in a statement.&nbsp;</p><p>To perpetuate tax return fraud, schemers often impersonate IRS officials either on the phone or through email. This technique is a major reason why tax fraud cases increased. In February, the IRS cautioned taxpayers about fake emails that appear to be from IRS authorities, <a href="http://www.irs.gov/uac/Newsroom/IRS-Completes-the-Dirty-Dozen-Tax-Scams-for-2015" target="_blank">according to a statement</a>. The emails either claim that IRS is requesting that consumers pay a bill or will receive a refund once they give out their personal information.&nbsp;</p><p>With this information, such as consumers&#39; names and Social Security numbers, identity thieves could file fraudulent tax files to steal victims&#39; tax returns.</p><p>Of the states where complaint originate, Florida topped the list with the highest complaints per capita for identity theft, fraud and other complaints, according to the FTC.&nbsp;</p><p>To guard sensitive information, IRS Commissioner John Koskinen warned taxpayers against clicking on suspicious emails and websites because they could be scams designed to steal their personal information.&nbsp;</p>Tue, 03 Mar 2015 00:00:00 -0700{0BA79130-6ABD-41CB-86FF-3AE0CA7E9ED4}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40041660.aspxUber Investigates Data Breach Affecting 50,000 Drivers<p>Uber confirmed a data breach that resulted in an unauthorized party accessing the information of about 50,000 drivers, according to a statement by Uber. The company said the breach happened on May 13, 2014. The firm did not discover the breach occurred until months later on Sept. 17.</p><p>Katherine M&nbsp;Tassi, managing counsel of privacy at Uber, said the files accessed by an outside party contained drivers&#39; names and license numbers. Uber said it was notifying drivers who may have been affected.&nbsp;</p><p>Some cybersecurity experts believe the long time between discovering the data breach and alerting the drivers who had their information accessed could have put consumers&#39; data at risk, <a href="http://blogs.wsj.com/digits/2015/02/27/uber-breach-exposes-50000-driver-names-and-license-numbers/" target="_blank">The Wall Street Journal reported</a>.&nbsp;</p><p>Brian Finch, an expert on cybersecurity and data breaches at law firm Pillsbury Winthrop Shaw Pittman, said he believes companies should wait no more than 60 days to begin notifying people of intrusions.&nbsp;</p><p>&quot;Unless they were cooperating with law enforcement, which is a possibility, it would seem to be an unusual delay,&quot; Finch said.&nbsp;</p><p><strong>Response from Uber About Breach</strong><br />
As part of California law that exposes personal information, including drivers&#39; licenses, companies need to tell consumers without reasonable delay, according to the Journal.&nbsp;</p><p>Tassi, who served as former associate general counsel and head of data protection at Facebook,&nbsp;said the company&nbsp;has not received reports that the drivers&#39; compromised information was used inappropriately.&nbsp;</p><p>&quot;Uber takes seriously our responsibility to safeguard personal information, and we are sorry for any inconvenience this incident may cause,&quot; Tassi said in a statement. &quot;In addition, today we filed a lawsuit that will enable us to gather information to help identify and prosecute this unauthorized third party.&quot;</p><p>After the company found out about the breach, it started an investigation and modified its data security.&nbsp;</p>Mon, 02 Mar 2015 00:00:00 -0700{01B30C32-8A31-4E1A-AD79-60895E5033C8}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40041106.aspxHealth Care Companies May Need to Ramp Up Security Spending to Keep Up with ID Theft<p>While cyberthreats in the health sector may likely grow, the industry may only spend $10 billion by 2020 to protect their systems, according to ABI Research. The research firm noted that personal health information is often a target for cybercriminals. Massive data breaches like the intrusion at the second-largest health insurance company Anthem exposed personal records that could make patients victims of identity theft.&nbsp;</p><p>Crimes involving medical identity theft are increasing as cybercriminals&nbsp;take advantage of weak security systems that make health care providers vulnerable for cyberatttacks. As a result, medical identity theft surged 22 percent last year with nearly half a million people becoming victims,&nbsp;<a href="http://www.bloomberg.com/news/articles/2015-02-24/medical-id-theft-increases-as-more-u-s-health-data-goes-digital" target="_blank">Bloomberg reported</a>.&nbsp;</p><p><strong>The High Cost of Medical Identity Theft</strong><br />
Medical insurance or information fraud could cost people about $13,500 on average, a report by Ponemon Institute stated. After cybercriminals have victims&#39; personal or medical information, they could not only damage credit reports but also patient health records, which could endanger their victims&#39; well-being if there is a mix-up between patients.&nbsp;</p><p>The Ponemon Institute report revealed 19 percent of medical identity theft resulted in thieves&#39;&nbsp;information being included in victims&#39; medical reports.</p><p>Having the right medical information on these records may result in potentially harmful health care mistakes or victims could have positive drug tests block them from getting a job in the future.&nbsp;</p><p>Although health care companies are spending a little under 10 percent of the total expenses for infrastructure security, the industry could fight against data breaches and identity theft by increasing their security, according to ABI Research.</p><p>&quot;Cybersecurity for healthcare is still a small, fragmented market but the potential opportunities for expansion are large and will continue to grow as healthcare organizations increasingly come under cyberfire,&quot;&nbsp;Michela Menting, digital security practice director of&nbsp;ABI Research, said in a statement.&nbsp;</p>Fri, 27 Feb 2015 00:00:00 -0700{7BC9B00E-62AB-46B6-AE0C-A50571897863}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40040235.aspxSurvey: Firms Have Problems with Data Breach Detection<p>The vast majority of company data breaches were discovered only after an outside entity alerted these firms in 2014, indicating firms have issues with breach detection,&nbsp;<a href="http://www.scmagazine.com/m-trends-report-nearly-70-percent-of-breached-firms-alerted-by-outside-source/article/399928/" target="_blank">SC Magazine reported</a>. A report by Mandiant found 69 percent of respondents that experienced breaches learned about these intrusions after an organization, such as an&nbsp;IT security firm&nbsp;or law enforcement agency, notified the companies.</p><p>The sectors that were most at risk for cyberintrusions&nbsp;in 2014 were business and professional services, retail and financial services, <a href="http://media.scmagazine.com/documents/109/mandiant_m-trends_2015_27060.pdf" target="_blank">according to the report by Mandiant, a FireEye company</a>. The sector&nbsp;seeing a surge of cyber-related activity is the retail industry as Mandiant-driven investigations rose to 14 percent in 2014 from 4 percent the previous year.</p><p>This report highlights the vulnerabilities that firms have when it comes to data breach detection. Depending on their existing resources, companies may not be able to find and eliminate&nbsp;cyberthreats, including malware, from their systems before&nbsp;cybercriminals&nbsp;manage to steal or alter information.&nbsp;</p><p>Some companies will remotely hack into company systems using existing features like PowerCell in Windows, which could result in a greater number of data breaches.</p><p>&quot;More often than before, these groups are using&nbsp;WMI&nbsp;and&nbsp;PowerShell&nbsp;to move laterally, harvest credentials, and search for useful information within Windows environments,&quot; the report said. &quot;In the same way, many security researchers and penetration-testing tools have adopted&nbsp;PowerShell&nbsp;over the past several years.</p><p>Last year, cybercriminals used PowerShell to send infected Word and Excel files to victims in order to spread malware,&nbsp;<a href="http://blog.trendmicro.com/trendlabs-security-intelligence/word-and-excel-files-infected-using-windows-powershell/" target="_blank">TrendLabs reported</a>. Victims may not know their devices have been infected with malware because these are files they most likely encounter each day, making this malware even more dangerous.</p><p>With the risk of&nbsp;cyberattacks, firms should increase their IT security resources and prepare their employees for data breach threats, especially as malware is increasingly becoming the hacking tool of choice for&nbsp;cybercriminals.</p>Wed, 25 Feb 2015 00:00:00 -0700{E4F36296-77E8-4D42-BBED-CCD85E18A589}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40039777.aspxLinkedIn Password Data Breach Settlement Reaches $1.25 Million<p>LinkedIn will pay $1.25 million as part of a settlement for a data breach that exposed customer credentials in 2012, <a href="http://www.zdnet.com/article/linkedin-will-pay-1-25-million-to-settle-suit-over-password-breach/" target="_blank">ZDNet reported</a>. The class action suit claimed that the social networking site did not properly guard credentials, including passwords, from hackers.</p><p>In 2012, hackers from Russia stole 6.5 million passwords and posted the information on a Russian online forum, <a href="http://money.cnn.com/2012/06/06/technology/linkedin-password-hack/" target="_blank">CNNMoney&nbsp;reported</a>. About half of the passwords were available to the public in plain text after the hackers decoded them.</p><p>The password data breach could have put customer personal information at risk if hackers were able to access LinkedIn user profiles. Despite the major data breach, no usernames were compromised.&nbsp;</p><p>Even some IT security firms were affected in the breach as some professionals confirmed that their passwords were exposed on the Russian website.&nbsp;</p><p><strong>The Cause of the Breach</strong><br />
IT security experts believe the company implemented an old cryptography method called SHA-1 to encrypt passwords, which could have be easy for hackers to bypass, according to CNNMoney. However, firms recommend using a form of security called &quot;salt,&quot; which includes a random number, username or first name to the password to avoid decoding.</p><p>&quot;Any organization using SHA-1 without salting user passwords is running a great risk -- much higher than they should,&quot; said Per Thorsheim, chief information security advisor at&nbsp;EVRY, according to CNNMoney.</p><p>The money from the settlement will go toward individuals and entities who purchased LinkedIn&nbsp;premium subscriptions from March 15, 2006, to June 7, 2012, <a href="http://bits.blogs.nytimes.com/2015/02/23/linkedin-settles-class-action-suit-over-weak-password-security/?module=BlogPost-Title&amp;version=Blog%20Main&amp;contentCollection=Security&amp;action=Click&amp;pgtype=Blogs&amp;region=Body&amp;_r=1" target="_blank">The New York Times reported</a>.&nbsp;</p><p>LinkedIn responded to the settlement in a statement.&nbsp;</p><p>&quot;Following the dismissal of every other claim associated with this lawsuit, LinkedIn has agreed to this settlement to avoid the distraction and expense of ongoing litigation,&quot; the social media site said, according to the Times.&nbsp;</p>Tue, 24 Feb 2015 00:00:00 -0700{A838101C-A7E7-486D-821E-8258FD5B68AA}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40039467.aspxIdentity Theft, Tax Fraud Heating Up in Southern Florida<p>The southern part of Florida has been the center for tax fraud activity,&nbsp;leaving residents in the state anxious during tax season, <a href="http://www.miamiherald.com/news/local/crime/article10909865.html" target="_blank">the Miami Herald reported</a>. U.S. Attorney for the Southern District of Florida&nbsp;Wifredo&nbsp;Ferrer&nbsp;told the Miami Herald there are an estimated tens of thousands of identity theft victims in the area.</p><p>In addition to being the top-ranked state for identity theft, the U.S. Federal Trade Commission said South Florida was also the biggest metro area for this crime, having nearly four times the national average of identity theft complaints. &nbsp;Rather than rely on drugs to trade with other criminals,&nbsp;Ferrer&nbsp;said thieves are now using personal identity information as currency, increasing the number of identity theft cases and complaints in the state.</p><p>Children and young adults are often the targets of these identity thieves. In November 2014, Ferrer&nbsp;announced charges for a seventeen-person identity theft ring for stealing hundreds of identities of Miami Dade College students, <a href="http://www.fbi.gov/miami/press-releases/2014/charged-today-in-connection-with-stolen-identity-tax-refund-fraud-scheme-involving-student-financial-services-accounts" target="_blank">according to an FBI release</a>. In another case, an employee at a school cafeteria was able to access student information in the Miami-Dade public school system and sold hundreds of IDs for&nbsp;$10, which could have led to tax fraud.&nbsp;</p><p>While identity thieves can come from criminal backgrounds, others have had authorized access to sensitive consumer information and used their power to steal personal data to file fake tax returns. One identity thief was a police officer who used a laptop issued by the police department to view a state driver&#39;s license database and take information like&nbsp;Social Security numbers.&nbsp;</p><p>&quot;A lot of folks are doing it because they can make a lot of money and it&#39;s safe,&quot; Ferrer said. &quot;They&#39;re all stealing from the same pot of money [the IRS] because there&#39;s no competition.&quot;</p><p>With the rise of identity theft crime in the state, the IRS could speed up help and tax refunds to victims.&nbsp;</p>Mon, 23 Feb 2015 00:00:00 -0700{3B485218-17C5-46D2-8644-8530DA409C59}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40039032.aspxIRS Paid $5.8 Billion in Fraudulent Refunds Filed by Identity Thieves<p>The IRS paid $5.8 billion in fraudulent refunds due to identity theft in 2013, up from $3.6 billion in 2013, <a href="http://www.gao.gov/assets/670/667965.pdf" target="_blank">according to a report by the U.S. Government Accountability Office</a>. The increase in data breaches and identity theft activity could result in higher cases of tax return fraud. With consumer personal information like dates of birth and Social Security numbers, identity thieves could file tax returns in their victims&#39; names.</p><p>&quot;IDT&nbsp;refund fraud burdens honest taxpayers who have had fraudulent tax&nbsp;returns filed in their name because they must deal with delayed refunds as they authenticate their identities with the Internal Revenue Service&nbsp;(IRS),&quot; the GAO report stated. &quot;Additionally, IDT refund fraud is an attractive target for criminals&nbsp;with a potentially high payoff.&quot;</p><p>The agency also prevented $24.2 billion in fake tax returns in 2013. As identity thieves view tax fraud as a way to score millions of dollars, the IRS needs to improve its current procedures and tools to detect&nbsp;fraud. Currently, the IRS implements fraud filters and information return matching in addition to other efforts to combat identity theft.&nbsp;</p><p>As tax refund fraud continues to be a major challenge for the IRS, GAO recommended&nbsp;the agency make its fraud estimates more efficient by justifying cost-influencing assumptions and estimating and documenting the costs of potential choices for taxpayer authentication.&nbsp;</p><p>There are also steps taxpayers can take to avoid falling prey to identity thieves. Recently, the IRS issued an alert to consumers warning them about a new phishing scam that claims the agency needs up to date information, <a href="http://www.irs.gov/uac/Newsroom/IRS-Warns-Tax-Preparers-to-Watch-out-for-New-Phishing-Scam" target="_blank">according to an IRS release</a>. However, the IRS will not contact consumers via email, but rather send written letters. The agency said consumers should not click on links in these emails claiming to be from the IRS and report the scam messages to phishing@irs.gov.&nbsp;</p>Fri, 20 Feb 2015 00:00:00 -0700{169FF627-6E17-483D-92F7-5E6ED852BD55}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40038265.aspxMassive Anthem Data Breach Could Cost Billions<p>The major data breach at Anthem that affected millions of consumers may&nbsp;cost billions of dollars, <a href="http://www.bizjournals.com/stlouis/blog/health-care/2015/02/anthem-data-breach-could-cost-company-billions.html?page=all" target="_blank">St. Louis Business Journal reported</a>.&nbsp;Dan Nelson, an attorney at Armstrong Teasdale, said the Anthem data breach could result in legal costs and other expenses that may&nbsp;reach between $8 billion to $16 billion.&nbsp;</p><p>The massive breach at anthem exposed the personal information of 80 million people. Nelson, whose work is involved with contracts and securities, said Anthem could spend up to $200 per record.&nbsp;</p><p>&quot;That&#39;s a very serious amount of money for any company, regardless of how big it is,&quot; Nelson said, according to St. Louis Business Journal.</p><p>He said the minimum for a data breach could be $50 per record. In 2013, the average cost of a data breach cost a company $3.5 million, up 15 percent from the previous year, according to a 2014 report by the Ponemon Institute.&nbsp;</p><p>With the increasing costs of a data breach, companies should consider the risk of consumer lawsuits that could also drive up expenses. Anthem customers located in Denver recently filed two lawsuits with the district court, <a href="http://denver.cbslocal.com/2015/02/17/anthem-customers-sue-say-they-paid-for-protection-before-data-breach/" target="_blank">CBS affiliate&nbsp;WFOR in Denver reported</a>. The lawsuits allege that Anthem did not have adequate security to protect consumer information.&nbsp;</p><p>Patrick Peluso, an attorney who is representing a client who brought on a class action lawsuit against Anthem, claimed the&nbsp;company did not encrypt information.&nbsp;</p><p>&quot;Anthem included in their privacy policies and various parts of their websites, as required by Hipaa, that they have to safeguard people&#39;s information,&quot; Peluso said. &quot;They promised that they did safeguard it. They didn&#39;t as evidenced by the breach itself.&quot;</p><p>In addition to claiming Anthem did not have proper security measures, the lawsuits also said the company waited nine days before notifying customers about the breach.&nbsp;</p>Wed, 18 Feb 2015 00:00:00 -0700{09B0170E-6A8C-4892-BDEA-85F0F16918A9}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40037965.aspxCybercriminals Targeting Hardware Could Increase Cybersecurity Concerns<p>While the number of data breaches caused by malicious software&nbsp;grows as criminal&nbsp;cyberactivity increases, compromised hardware is a new threat could worsen security concerns, <a href="http://www.popsci.com/nowhere-to-hide" target="_blank">according to Popular Science</a>. While the birth of the microchip ushered in a new era of electronic advancements, cybercriminals could exploit vulnerabilities in computer systems through this very technology.&nbsp;</p><p>Although microchips are manufactured under careful conditions, there is the possibility that cybercriminals could find security flaws that could allow them to control these devices. Popular Science noted that some microchips are equipped with a mechanism to turn chips on and off remotely. The use of a kill switch could result in cybercriminals shutting down equipment or technology suddenly, which could disrupt operations or endanger the people using these devices.</p><p>General Michael Hayden, a retired Air Force four-star general, called the possibility of hardware hacking as a problem from hell at a&nbsp;cybersecurity panel at the Aspen Institute in 2011, according to Popular Science.</p><p><strong>How Encryption Could Help Reduce Security Concerns</strong><br />
With the risk of data breaches, companies should ensure that their hardware - from microchips to databases - are protected through encryption or other cybersecurity means to prevent information from being exposed. In 2013, most of the data breaches reported in California were the result of lost or stolen hardware, <a href="http://healthitsecurity.com/2014/10/31/majority-calif-health-data-breaches-stolen-hardware/" target="_blank">Health IT Security reported in October 2014</a>.&nbsp;</p><p>&quot;Data breaches pose a serious threat to the privacy, finances and personal security of California consumers,&quot; California Attorney General Kamala Harris said in a statement. &quot;The fight against these kind of cybercrimes requires the use of innovative strategies by government and the private sector to protect our state&#39;s consumers and businesses. I strongly encourage more use of encryption to significantly reduce the risk of data breaches.&quot;</p>Tue, 17 Feb 2015 00:00:00 -0700{B9F6E912-1379-43D0-91FD-FC2FCC57CA21}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40037228.aspxIRS, Identity Theft Victims Respond to Increase in Tax Fraud<p>As the IRS copes with the increase in tax-related identity theft cases this tax season, some victims of tax fraud are still waiting for their cases to be resolved, <a href="http://fox2now.com/2015/02/10/irs-tackling-rise-in-identity-theft-cases/" target="_blank">Fox affiliate&nbsp;KTVI&nbsp;in Missouri reported</a>. The IRS has worked to fight against the rise in suspicious returns. Between 2011 and November 2013, the IRS intercepted 14.6 million potentially fraudulent tax returns, <a href="http://www.irs.gov/uac/Newsroom/IRS-Combats-Identity-Theft-and-Refund-Fraud-on-Many-Fronts-2014" target="_blank">according to the IRS</a>.&nbsp;</p><p>The IRS said it had more than 3,000 employees working on identity theft cases that involve tax return fraud and other crimes. The agency also said it would provide training&nbsp;for over 35,000 workers, according a January 2014 statement. In addition to boosting&nbsp;resources to go toward identity theft investigations, the agency&nbsp;ramped up&nbsp;prosecutions of identity theft-related criminal investigations. The IRS said these investigations rose 66 percent in 2013 from the previous year.&nbsp;</p><p>The increase in data breaches experienced by financial services, health care and retail companies could contribute to the number of identity theft. Susan Doerge, a victim of the Anthem data breach, is concerned about identity theft.&nbsp;</p><p>&quot;First of all shock and anger, very mad,&quot; said Doerge, according to KTVI. &quot;It`s like you hear of this happening all the time, but when it happens to you, you`re like who are these people.&quot;</p><p>To help victims of tax fraud, the IRS suggests that consumers look out for red flags, which include receiving a letter from the agency about having more than one tax return filed with the same Social Security number. Consumers might have also obtained wages from an unfamiliar employer if someone else attempted to steal their identity.&nbsp;</p><p>If consumers suspect they are the victim of identity theft, they should request a fraud alert for their credit report from one of the three main credit reporting bureaus and response to IRS notices as soon as possible.</p>Thu, 12 Feb 2015 00:00:00 -0700{2E27A9A3-55F1-44C2-BB7F-4EC5E1ACCE5C}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40036793.aspxCybercriminals Could Increasingly Target Medical Records<p>While cybercriminals last year targeted retailers to steal customers&#39; financial data, hackers&nbsp;could shift their focus to health care providers&#39; medical records, <a href="http://www.usnews.com/news/business/articles/2015/02/09/health-care-records-make-fertile-field-for-cyber-crime" target="_blank">The Associated Press reported</a>. Although some consumers may not think their medical records with medical diagnoses and other information may not be in danger, cybercriminals&nbsp;value these documents because they are a wealth of personal information.&nbsp;</p><p>The rise in cyberattacks against health care providers and their third party companies could put consumer information at risk for data breaches and medical identity theft. Not only are diagnoses potentially exposed in breaches, names, addresses and Social Security numbers are in danger as well. All of this information could be used to commit fraud.</p><p>&quot;It&#39;s an entire profile of who you are,&quot; said Cynthia&nbsp;Larose, chair of privacy and security practice at&nbsp;Mintz&nbsp;Levin, according to the AP. &quot;It essentially allows someone to become you.&quot;</p><p>Despite victims&#39; best efforts to start fresh&nbsp;with a new Social Security number, negative remarks on old records could follow them,&nbsp;<a href="http://www.npr.org/2015/02/09/384875839/data-stolen-by-anthem-s-hackers-has-millions-worrying-about-identity-theft" target="_blank">according to NPR</a>. Although credit reporting bureaus and lenders will see a new Social Security number, they could also connect previous negative items associated with that personal identifying information.&nbsp;</p><p><strong>FBI Warned Health Care Industry About Risk</strong><br />
Recently, the data breach at the U.S.&#39;s second biggest health care insurer Anthem affected 80 million records and showed how vulnerable the health care sector is to cyberintrusions.</p><p>About 10 months before the Anthem breach, the FBI warned certain health care companies about potential security issues, <a href="http://www.thedenverchannel.com/decodedc/fbi-warned-health-care-providers-10-months-before-anthem-cyber-attack" target="_blank">Scripps News reported</a>. The agency believed health care industry did not have as strong cyberdefenses as the financial and retail sectors.&nbsp;</p><p>&quot;The health care industry is not technically prepared to combat against cyber criminals&#39; basic cyber intrusion tactics, techniques and procedures, much less against more advanced persistent threats,&quot; the bureau said, according to Scripps News.&nbsp;</p>Wed, 11 Feb 2015 00:00:00 -0700{07BE4219-AD3B-463E-9833-0F5AEB4F2264}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40036446.aspxStudy: Insurance Firms in New York Vulnerable to Malware, Data Breaches<p>As the second biggest health insurance firm Anthem deals with a massive data breach, a poll conducted by a New York regulator found insurers in the area experience a high level of malware activity, <a href="http://blogs.wsj.com/moneybeat/2015/02/09/new-york-regulator-polls-insurers-on-cyber-threats/" target="_blank">The Wall Street Journal reported</a>. The New York Department of Financial Services revealed 33 percent of insurers operating in the state said they were at risk for malware - the leading hacking technique in the study.&nbsp;</p><p>Of the 43 insurers surveyed that had a combined $3.2 trillion in assets, almost half of the respondents&nbsp;in the report provided health insurance.&nbsp;</p><p>Three years before the survey, 35 percent of respondents said they had one to five data breaches. About 2 percent said they experienced six to 10 breaches and 5 percent said they had more than 10 breaches.&nbsp;</p><p>With these companies representing billions of dollars in assets each, they are prime targets for cybercriminals who aim to infiltrate databases containing valuable corporate and personal information.&nbsp;</p><p>Firms in the survey felt confident that they had the resources to combat cyberattacks and data breaches. The survey discovered almost all of the respondents (98 percent) had an IT security framework. However, some of the largest insurers did not have strong defenses against cyber threats. The report also revealed just 14 percent of CEOs have&nbsp;monthly briefings on IT security, which could put organizations at risk for hacking.&nbsp;</p><p>The Anthem data breach represents the risk that cybercriminals&nbsp;could exploit vulnerabilities in computer systems, which is a recurring problem in IT infrastructure in the health care industry, <a href="http://www.cio.com/article/2880771/data-breach/what-the-anthem-data-breach-says-about-the-vulnerability-of-healthcare-it.html" target="_blank">according to CIO Magazine</a>. Analysts believe health care technology could suffer from age as well as poor budget&nbsp;support. Companies could prepare for cyber threats by improving their cybersecurity when transferring protected health information with business associates and when it comes to technologies that store consumer health information.</p>Tue, 10 Feb 2015 00:00:00 -0700{CD9A36E4-D27E-45D9-8A9A-F9365E542C7B}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40036073.aspxAnthem Cyberintrusion Could Lead to More Data Breaches, Identity Theft<p>The data breach at insurer Anthem could put consumers at risk for identity theft and companies in danger of more intrusions, <a href="http://www.nytimes.com/2015/02/07/business/data-breach-at-anthem-may-lead-to-others.html?_r=0" target="_blank">The New York Times reported</a>. Anthem recently confirmed a data breach that affected 80 million patient and employee records. The information exposed includes personal and medical information such as names, email addresses and Social Security numbers.&nbsp;</p><p>The cybercriminals&nbsp;responsible for improperly accessing Anthem&#39;s database could sell consumer&nbsp;information on black markets. This&nbsp;was the case for retail consumers whose information was breached in late 2013 or 2014, including Target.&nbsp;</p><p>The breach at Anthem serves as a warning for other medical organizations as cybercriminals could go after providers because they store valuable information that could be used for identity theft and fraud.&nbsp;</p><p>&quot;The industry has become, over the last three years, a much bigger target,&quot; said Daniel Nutkis, CEO of the Health Information Trust Alliance, according to the Times.</p><p><strong>Anthem Warns of Phishing Email Scam</strong><br />
If hackers decide to sell personal patient information, other cybercriminals could use this data to perpetuate scams and fraud.</p><p>After the breach, Anthem cautioned patients of a phishing email scam that claims to offer credit monitoring services, <a href="http://abcnews.go.com/Technology/wireStory/anthem-warns-phishing-emails-massive-hack-28780111" target="_blank">The Associated Press reported</a>. While companies often provide free credit monitoring services to help victims of data breaches, scammers could exploit the news of cyberintrusions to infect computers with malware as well as steal financial information.&nbsp;</p><p>Anthem said the emails claiming to provide credit monitoring did not come from the company, according to the AP. The company warned consumers they should not click on links within unsolicited emails or open attachments.</p><p>Instead of notifying customers through email or phone call, Anthem said consumers should wait for letters sent by the company via USPS that has instructions&nbsp;for signing up for credit monitoring.&nbsp;</p>Mon, 09 Feb 2015 00:00:00 -0700{B87B8EF5-1285-4B58-AED5-7011285CB6BA}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40035770.aspxTurboTax Freezes State Tax E-Filing Due to Rising Fraud Fears<p>With the risk of fake tax returns increasing this tax season, TurboTax decided to shutdown e-file state tax returns, <a href="http://www.usatoday.com/story/money/personalfinance/2015/02/06/turbotax-state-filings-halted/22979519/" target="_blank">USA Today reported</a>. The company suspects there is an increase in tax fraud activity that could result in identity thieves pilfering taxpayers&#39; tax refunds.&nbsp;</p><p>TurboTax&nbsp;already received word that identity thieves are filing fake tax returns using stolen personal information, such as names, dates and Social Security numbers. Thieves may try to file returns before taxpayers, which could result in duplicate forms - a problem already growing.&nbsp;</p><p>The IRS noted that identity theft is one of the biggest concerns for taxpayers. The IRS said it prevented 19 million suspicious returns and stopped more than $63 billion in fake returns from going into the hands of identity thieves, <a href="http://www.irs.gov/uac/Newsroom/Identity-Theft-a-Major-Concern-on-the-IRS-Annual-Dirty-Dozen-List-of-Tax-Scams-to-Avoid" target="_blank">according to an IRS statement</a>.&nbsp;</p><p><strong>Future of Fraud in Tax Season for 2015</strong><br />
One of the states that has prevented electronic filing from going forward is Minnesota because of detected fraud activity,&nbsp;<a href="http://money.cnn.com/2015/02/06/news/companies/turbotax/" target="_blank">CNNMoney&nbsp;reported</a>.&nbsp;</p><p>&quot;Some Minnesota taxpayers have recently found that when they log in to&nbsp;TurboTax&nbsp;to file their tax return, they see that a return has already been filed,&quot; said the state, according to CNNMoney.&nbsp;</p><p>Although the company halted electronic filing of state returns, federal tax returns are fine.<br />
<br />
Playing a major part in combating fraud, the IRS said it will use identity theft data models and filters to find fake returns for the 2015 tax season. However, these models may not catch all of these fraudulent&nbsp;returns. The IRS warns consumers to keep their sensitive information safe from thieves.&nbsp;</p><p>&quot;We urge people to protect themselves and use caution when viewing emails, receiving telephone calls or getting advice on tax issues,&quot;&nbsp;IRS Commissioner John Koskinen said in a statement. &quot;Keep your personal information safe and secure. Taxpayers should protect their computers and only give out their Social Security numbers when absolutely necessary.&quot;</p>Fri, 06 Feb 2015 00:00:00 -0700{F2C8D9BB-710D-47C5-98EE-E51E9859974B}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40035449.aspxAnthem Data Breach Impacts 80 Million Personal Records, Including CEO's<p>The second biggest health insurance company in the U.S. confirmed a massive data breach that could expose an estimated 80 million records, <a href="http://thirdcertainty.com/news-analysis/breathtaking-anthem-breach-puts-80-million-risk-identity-theft/" target="_blank">ThirdCertainty reported</a>. Anthem, which provides health care coverage in several states, said hackers infiltrated a database containing&nbsp;customer and employee information, including names, dates of birth and Social Security numbers.&nbsp;</p><p>The number of consumers affected in the Anthem data breach could surpass other big hacking incidents, including the breach at Home Depot that occurred in September 2014.&nbsp;</p><p>After discovering the data breach, Anthem said it will notify customers who may have been affected,&nbsp;<a href="http://money.cnn.com/2015/02/04/technology/anthem-insurance-hack-data-security/" target="_blank">CNNMoney reported</a>. In addition to customers, the company&#39;s employees had their information accessed.&nbsp;CEO Joseph Swedish said in a note to customers that he also had his information improperly viewed by hackers.&nbsp;</p><p>&quot;We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,&quot;&nbsp;Swedish said, according to CNNMoney.</p><p><strong>FBI Investigating Data Breach</strong><br />
The FBI, which has been instrumental in data breach investigations in other big cases, said that it was working to determine the circumstances surrounding the cyberintrusion. The agency highlighted Anthem&#39;s quick response after learning about the data breach.&nbsp;</p><p>&quot;Anthem&#39;s initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances,&quot; the FBI said. &quot;Speed matters when notifying law enforcement of an intrusion.&quot;</p><p>To help speed up data breach alerts, the Obama administration&nbsp;proposed the Personal Data Notification &amp; Protection Act to require companies to tell consumers their data was compromised within a 30-day period of the breach, <a href="http://www.whitehouse.gov/the-press-office/2015/01/12/fact-sheet-safeguarding-american-consumers-families" target="_blank">the White House said in a statement</a>. By informing consumers sooner, they could protect themselves from fraud by requesting new cards or freezing their credit.&nbsp;</p>Thu, 05 Feb 2015 00:00:00 -0700{561F13BF-CCAE-45C6-A30E-B3B9E34E1D7F}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40035131.aspxUsers Randomly Tagged On Facebook Could Be Targeted by Malware<p>A recent scam on Facebook could have infected thousands of users on Facebook with malware, <a href="http://www.theguardian.com/technology/2015/feb/02/facebook-porn-video-flash-update-malware" target="_blank">The Guardian reported</a>. The social media scam spreads through Facebook friends who send links to a racy video clip. While the link is designed to catch&nbsp;attention, it could also infect users without their knowledge. After the users click on the link, they are directed to a download for a fake flash player, which contains the trojan malware.&nbsp;</p><p>In only two days, the malware has already affected 110,000 users, according to Mohammad Reza Faghani, an IT security researcher, in a post.&nbsp;</p><p><strong>New Technique Spreads Malware Quickly on Social Media</strong><br />
​Faghani said the trojan&nbsp;used a technique that varied from other social media scams. Rather than simply taking&nbsp;over a Facebook account and sending&nbsp;personal messages to&nbsp;users&#39; friends, the newest scam uses malware to post on the network and tag numerous people.<br />
<br />
This method is more effective in reaching a wide group of people in a short amount of time compared to simply targeting individual users.&nbsp;Faghani called the use of mass tagging on social media site scams the &quot;Magnet&quot; technique.&nbsp;</p><p>&quot;In this case, the tag may be seen by friends of the&nbsp;victim&#39;s friends as well, which leads to a larger number of potential&nbsp;victims,&quot; Faghani said in a post. &quot;This will speed up the malware propagation.&quot;</p><p><strong>Response from Facebook</strong><br />
Facebook has responded to news of the scam by saying they have tools to detect malware and prevent its spread, The Guardian reported.&nbsp;</p><p>&quot;We use a number of automated systems to identify potentially harmful links and stop them from spreading,&quot; a Facebook spokesperson said in a statement. &quot;In this case, we&#39;re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites.&quot;</p>Wed, 04 Feb 2015 00:00:00 -0700{61CB4C5F-BD57-488B-8514-237DE992628D}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40034305.aspxWhatsApp Data Breach Highlights Privacy Protection Vulnerability<p>Mobile messaging app&nbsp;WhatsApp&nbsp;users could have their private pictures seen publicly due to a privacy protection glitch, <a href="http://www.infosecurity-magazine.com/news/whatsapp-privacy-flaw-reveals-user/" target="_blank">Infosecurity&nbsp;Magazine reported</a>. A 17-year-old user of the app revealed the flaw, claiming that the Web and mobile versions of the app are not correctly synced, resulting in photos being visible&nbsp;to strangers.</p><p><strong>Past Problems with Mobile Messaging App</strong><br />
​WhatsApp&nbsp;has also had problems with security glitches in the past that could have resulted in data breaches. In 2014, a security researcher found&nbsp;Android users of WhatsApp could have their information stolen by cybercriminals because of a flaw, <a href="http://www.theguardian.com/technology/2014/mar/12/whatsapp-android-users-chats-theft" target="_blank">The Guardian reported</a>. The researcher noted many Android devices are at risk for data breaches because of this WhatsApp problem since the app saves information on the SD card and any application could read and write to the card - even when the data is from other apps.&nbsp;</p><p>This flaw could allow cybercriminals to read the WhatsApp messages on the message database and then upload the information into a personal Web server, <a href="http://www.businessinsider.com/crucial-whatsapp-security-issue-2014-3" target="_blank">Business Insider reported</a>. The scariest part of this particular flaw was users would most likely not notice all of this happening in the background.&nbsp;</p><p><strong>IT Security Experts Call for Fix to Glitch</strong><br />
This and the latest glitch reported worried IT security experts. They want the mobile app company to fix the most recent glitch that could pose a privacy risk to users, according to Infosecurity Magazine.&nbsp;</p><p>&quot;Sure, it&#39;s not the most serious privacy breach that has ever occurred, but that&#39;s missing the point,&quot; wrote Graham&nbsp;Cluley, a security blogger in the U.K., according to&nbsp;Infosecurity&nbsp;Magazine. &quot;The fact of the matter is that&nbsp;WhatsApp&nbsp;users chose to keep their profile photos private, and their expectation is that&nbsp;WhatsApp&nbsp;will&nbsp;honor&nbsp;their choices and only allow their photos to be viewable by those who the user has approved,&quot; he wrote in a blog post.</p>Mon, 02 Feb 2015 00:00:00 -0700{3D3CFD0A-0E02-4AF6-B33D-34F5576C064C}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40033799.aspxEmployee Breach at Investment Firm Highlights Insider Risks<p>A former spokesperson for a large investment firm may have committed an insider breach after exposing confidential documents to The New York Times,&nbsp;<a href="http://www.infosecurity-magazine.com/news/insider-threat-alert-spokesman/" target="_blank">Infosecurity Magazine reported</a>. TPG Global said former worker Adam Levine stole and modified documents from the company and submitted them to a Times reporter.&nbsp;</p><p>Levine may have sent the data to other people, as TPG&nbsp;Global said it will pursue a court order for the former employee to report who else received the data.&nbsp;</p><p>The rise of insider threats could mean an increase in data breaches that expose business and customer information. About 93 percent of U.S. companies believe their organizations could be at risk for insider breaches, according to a report by Vormetric. The threat of insider-caused breaches was heightened after Edward Snowden revealed sensitive&nbsp;information from his employer, the National Security Agency.&nbsp;</p><p>&quot;As much as we may have hoped to believe it, the Edward Snowden affair was not our data security pinnacle,&quot; Andrew Kellett, lead analyst for Ovum, said in a statement. &quot;According to the report, almost half of the U.S. organizations polled experienced a data breach or failed a compliance audit in the past year - which tells us the situation has probably gotten more complicated.&quot;</p><p><strong>How to Prevent Data Theft</strong><br />
While the risk of data breaches could increase, companies could protect their systems by preventing unauthorized employees from accessing information. Despite this extra protection, there is still a security loophole for insiders to breach.&nbsp;</p><p>&quot;However, sadly you can&#39;t protect against staff that are allowed access to the data in the first place, but having logs of exactly what and where data is being copied too will help keep it in the right hands, and also enable early warning signs if something is amiss,&quot; said Mark James, Eset security specialist, according to Infosecurity Magazine.&nbsp;</p>Fri, 30 Jan 2015 00:00:00 -0700{A1150DAE-B4E1-48C0-8354-8FB9170B97ED}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40033322.aspxLawmakers, Retailers Urge Approval of Bill for Stronger Data Protection<p>Two lawmakers reached across the aisle to introduce a new&nbsp;bipartisan bill that aims to introduce a federal data breach standard, <a href="http://thehill.com/policy/cybersecurity/231112-house-gets-data-breach-bill" target="_blank">The Hill reported</a>. Reps.&nbsp;Joe Barton, R-Texas, and Bobby Rush, D-Ill., proposed the bill that could strengthen data security for companies and require them to&nbsp;notify customers and the U.S. Federal Trade Commission.</p><p>The&nbsp;Data Accountability and Trust Act also has a component that would set penalties for companies that do not follow the bill&#39;s proposed security standards. Companies found in violation of the rule could be subjected to a maximum penalty of $5 million.&nbsp;</p><p>Members of Congress believe there is a good chance that a federal data breach bill will be approved in 2015 despite previous versions failing to pass, according to the Hill. Members of Congress were unable to pass a version in 2014.&nbsp;</p><p>However, a rise in data breaches in 2014 prompted a call from the public and companies for a widespread data security standard in 2015.&nbsp;</p><p><strong>Retailers Come Together to Call for Data Protection Standard</strong><br />
In the same week as Reps. Barton and Rush introduced the bill, the National Retail Federation urged the government to come together to pass a federal breach notification law, according to an NRF statement.</p><p>&quot;A single uniform national standard for notification of consumers affected by a breach of sensitive data would provide simplicity, clarity and certainty to both businesses and consumers alike,&quot; David French, senior vice president for government relations at&nbsp;NRF, said in a statement. &quot;A federal breach notification law would ensure reasonable and timely notice to consumers while providing clear compliance standards for businesses.&quot;</p><p>French said the legislation should include all types of entities that handle personal information, which could result in a variety of industries investing in improved data protection technologies, according to the NRF statement.</p>Thu, 29 Jan 2015 00:00:00 -0700{6715E91D-15A1-4EF2-A7BD-CA690E364146}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40032889.aspxFTC: Tax Fraud Was No. 1 ID Theft Complaint in 2014<p>Identity theft for tax fraud purposes was the No. 1 identity theft complaint in 2014, <a href="http://www.ftc.gov/news-events/press-releases/2015/01/tax-id-theft-tops-ftc-complaints-2014-irs-imposter-complaints" target="_blank">according to the U.S. Federal Trade Commission</a>. Of the 332,646 identity theft complaints in 2014, the FTC said there were 109,063 complaints regarding tax identity theft. The number of tax fraud cases could increase in 2015 as criminals see this as an opportunity to steal money, using their victims&#39; information to file fake tax returns and obtain refunds.</p><p><strong>How Consumers Can Protect Themselves from Scam</strong><br />
With identity theft complaints up, consumers should be aware of common scams. Scammers often call up victims, impersonating IRS or federal officials and demanding they pay the money they owe using a wire service. The FTC said there were 54,690 complaints of identity thieves masking as IRS officials in 2014, up from&nbsp;2,545 in 2013.&nbsp;</p><p>&quot;We&#39;ve seen an explosion of complaints about callers who claim to be IRS agents - but are not,&quot; said Jessica Rich, director of the FTC&#39;s Bureau of Consumer Protection. &quot;IRS employees won&#39;t call out of the blue and threaten to have you arrested or demand specific methods of payment.&quot;</p><p>With the risk of tax fraud potentially higher this year, consumers could follow basic precautions to protect themselves as tax season begins. Consumers could shred documents listing their personal information, such as Social Security numbers, or lock their mailboxes, according to a report by the AARP Fraud Watch Network.&nbsp;</p><p>&quot;Throwing a pay stub in the trash may seem easier than finding a shredder, but the risk of having your tax refund stolen is just too great,&quot; Bob Gallo, Illinois state director&nbsp;at AARP, said in a statement. &quot;The Fraud Watch Network is urging all Illinoisans to file early so you can beat con artists to the punch.&quot;</p>Wed, 28 Jan 2015 00:00:00 -0700{B081431A-906A-4E3E-917D-D163139F254F}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40032485.aspxSurvey: IT Security Professionals May Be Unaware of Threat of Internet of Things Devices<p>With enterprise solutions increasingly involving the Internet of Things that make up the infrastructure necessary to do business, companies need to address threats that could put corporate and consumer data at risk. However, some organizations may not be doing enough to curb these problems before they start. The majority of IT professionals and executives in a variety of industries in the U.S. and U.K. said they predict they will use IoT devices although they could have an increased security risk, according to online market research firm&nbsp;Atomik Research and Tripwire.</p><p>The survey found 46 percent believe the loopholes that come with IoT technology could become the biggest threat for their corporate networks.&nbsp;</p><p>Although almost half of respondents believe that IoT devices could be a huge risk, there are others that are not as worried because they may not be aware of the&nbsp;potential vulnerabilities.&nbsp;</p><p>&quot;The reason many enterprises are relatively &#39;unconcerned&#39; about the security of IoT devices is because they misunderstand the risk,&quot; Chris Conacher, security development manager at Tripwire, said in a statement. &quot;They may believe they have &#39;solved&#39; the security problem, when they have not. Alternatively, they may believe that there is no security problem when there is.&quot;</p><p>Although some firms may be unconcerned, others that&nbsp;experienced data breaches or anticipate attacks in the future have prepared for intrusions by ramping up cybersecurity spending.&nbsp;</p><p>After a data breach that exposed the information of 76 million households and 7 million businesses, JP Morgan Chase announced in 2014 it would double its cybersecurity spending in the next five years, <a href="http://www.wsj.com/articles/j-p-morgans-dimon-to-speak-at-financial-conference-1412944976" target="_blank">The Wall Street Journal reported</a>. Last year, the financial services firm spent $250 million on cybersecurity.&nbsp;</p><p>Global IT spending is projected to grow 2.4 percent from in 2014 to reach $3.8 trillion in 2015, according to research firm Garner. Companies could increase their IT security spending to prepare for security threats associated with IoT technology.&nbsp;</p>Tue, 27 Jan 2015 00:00:00 -0700{500747D8-9A29-4A4A-8E8A-8BA39704E37C}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40032455.aspxFDA Approval of Mobile Medical Applications Fuels Data Protection Debate<p>The U.S. Food and Drug Administration recently approved marketing for mobile applications for sharing health care data,&nbsp;<a href="http://healthitsecurity.com/2015/01/26/secure-healthcare-data-sharing-apps-approved-by-fda/" target="_blank">HealthIT Security reported</a>. This marks the first time the FDA allowed marketing for medical applications that share information with mobile technology. The device allows diabetes patients to transfer information from a&nbsp;continuous glucose monitor with other people using an iPhone or another&nbsp;mobile device, <a href="http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm431385.htm" target="_blank">according to an FDA statement</a>.&nbsp;</p><p>&quot;This innovative technology has been eagerly awaited by the diabetes community, especially caregivers of children with diabetes who want to monitor their glucose levels remotely,&quot; Alberto Gutierrez, director of the Office of In Vitro Diagnostics and Radiological Health in the FDA&#39;s Center for Devices and Radiological Health, said in a statement. &quot;Today&#39;s marketing permission paves the way for similar technologies to be marketed in the United States.&quot;</p><p>While the FDA gave the green light for mobile apps that collect patient information, privacy protection advocates are concerned this data may not be secure. In the same month the FDA approved these medical applications, the&nbsp;National Institute of Standards and Technology released a guidance document to reduce the risks of mobile enterprise applications, according to document issued by the NIST.&nbsp;</p><p>The NIST said organizations should consider vetting applications to lower software vulnerabilities that could put information at risk for data breaches or identity theft.&nbsp;</p><p>The federal technology agency said companies should consider security requirements and issues that could result in loopholes for cyberattackers to exploit. The report noted that mobile devices often have a variety of ways to connect with a network, which could make them more vulnerable to threats.&nbsp;</p><p>&quot;Further, mobile devices are not physically protected to the same extent as desktop or laptop computers and can therefore allow an attacker to more easily (physically) acquire a lost or stolen device,&quot; the NIST report said.</p><p>As medical mobile applications become more common, companies should secure their apps to protect consumer information.&nbsp;</p>Tue, 27 Jan 2015 00:00:00 -0700{C657BA47-FE27-45A6-870C-D732AB1819E9}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40032069.aspxObama Administration to Improve Privacy Protection for Healthcare.gov<p>The Obama administration is working toward improving privacy protection for users of the national health insurance marketplace Healthcare.gov, <a href="http://www.usnews.com/news/politics/articles/2015/01/24/more-privacy-protection-sought-for-feds-health-care-website" target="_blank">The Associated Press reported</a>. Consumer advocates previously voiced concerns that Healthcare.gov, created after the implementation of the Affordable Care Act, did not properly protect user information by sharing certain data with private companies.&nbsp;</p><p>Users input their information into the site&nbsp;to find out about health care plans. Glitches on the website marred the launch of Healthcare.gov on Oct. 1, 2013, as users had difficulties signing up for insurance and the site crashed due to heavy traffic, <a href="http://blogs.wsj.com/cio/2013/12/24/healthcare-govs-sickly-launch-defined-bad-it-projects-in-2013/" target="_blank">The Wall Street Journal reported</a>.&nbsp;</p><p>Lawmakers called for greater security for the website amidst&nbsp;worries that the health care insurance portal could be the target for cyberattackers looking for valuable information.</p><p><strong>Consumer Concerns About Privacy Protection</strong><br />
Consumers also had concerns their personal information may be used for marketing purposes or other ways they did not intend. When a&nbsp;consumer is sent to third-party websites, this represents security loopholes that could endanger the main website, <a href="https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data" target="_blank">according to the nonprofit Electronic Frontier Foundation</a>.&nbsp;</p><p>&quot;Third-party resources could also introduce additional security risks to the healthcare.gov website, with each included third-party resource increasing the attack surface of the site,&quot; EFF said in a statement. &quot;If an attacker were able to compromise just one of the third party resources included on healthcare.gov they could potentially compromise the accounts of every user of healthcare.gov.&quot;</p><p><strong>Changes to How Federal Marketplace Uses Data</strong><br />
As part of the changes to the healthcare.gov to increasingly protect consumer information, the administration will not send the following information to outside companies: age, income, ZIP code and tobacco use.</p><p>The U.S.&nbsp;Department of Health and Human Services said that no personal information collected on healthcare.gov was misused, according to the AP.</p>Mon, 26 Jan 2015 00:00:00 -0700{9FC6A9A1-428D-4484-AF1C-F9B68EF7D41A}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40031559.aspxMetropolitan State University in Minnesota Reports Cyberattack<p>Metropolitan&nbsp;State University in Minnesota revealed a data breach that could have exposed the personal information of an undetermined number of people, <a href="http://www.scmagazine.com/minnesota-university-warns-of-likely-breach/article/393569/" target="_blank">SC Magazine reported</a>. The university said the source of the data breach is likely a vulnerability in its computer system, which allowed cyberattackers to access a database containing the information.&nbsp;</p><p>The university has not pinpointed the individuals who were impacted by the breach yet,&nbsp;but&nbsp;said the database cybercriminals inappropriately viewed had the information of students, faculty and staff. The educational institution does not believe the attackers&nbsp;accessed financial data.&nbsp;</p><p>Metropolitan State said it worked with IT experts from Minnesota State Colleges and Universities (MnSCU) and the State of Minnesota&#39;s IT division to help with the investigation, <a href="http://www.metrostate.edu/message-from-president.pdf" target="_blank">according to a statement by the university</a>.&nbsp;</p><p>Universities are often the target of cybercriminals&nbsp;as they have valuable information like Social Security numbers and patent or research documents. In addition to data breaches resulting in identity theft for students, they could hurt universities financially, <a href="http://chronicle.com/article/Data-Breaches-Put-a-Dent-in/145341/" target="_blank">The Chronicle of Higher Education reported in 2014</a>. The data breach at the University of Maryland that same year was projected to cost millions of dollars after attackers accessed almost 310,000 records.&nbsp;</p><p>Once universities discover a breach, they could A frequently asked questions document noted that Metro State implemented new data and network security measures, <a href="http://www.metrostate.edu/qa.pdf" target="_blank">according to Metropolitan State</a>. In addition, Metropolitan State said it moved its website to a new server, which will temporarily affect its Web services and links.&nbsp;</p><p>&quot;We are confident that we have addressed the issues highlighted by this attack,&quot; the university said in a FAQ document. &quot;The&nbsp;vulnerabilities that we believe permitted the breach have been disabled, and the affected server&nbsp;has been removed from service and a new server installed.&quot;</p><p>The university said once it finds individuals who had their information breached, it will send a data breach notification over the mail and update information on its website.&nbsp;</p>Fri, 23 Jan 2015 00:00:00 -0700{22F92CC0-34C5-467F-BA65-B3E8453A50C8}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40030711.aspxBank Tellers, Identity Thieves Worked Together to Steal $850,000<p>New York Attorney General Eric T. Schneiderman announced two men were convicted of an identity theft scheme that involved bank tellers, stealing more than $850,000 from local bank customers, <a href="http://www.americanbanker.com/news/bank-technology/two-plead-guilty-in-new-york-identity-theft-case-1072248-1.html" target="_blank">American Banker reported</a>. The two men targeted banks in the Westchester and New York City area between July 2010 and June 2014. The banks affected include JP Morgan Chase, Bank of America and Wachovia.</p><p><strong>Tellers Involved in Bank Fraud</strong><br />
​Schneiderman said the two men took advantage of hundreds of bank customers by obtaining their personal information from tellers, such as victims&#39; Social Security numbers.</p><p>Three tellers were involved in the bank fraud scheme by searching for bank customers with common names and stealing their information. Two of the tellers pleaded guilty to charges,&nbsp;<a href="http://www.lohud.com/story/news/crime/2015/01/20/tyrone-lee-anthony-davis-convicted-identity-theft-ring/22075477/" target="_blank">the Journal News reported</a>.</p><p>After stealing customers&#39; personal details and account numbers, the head of the scheme then made fake ID cards and checks. They recruited other people to assume the identity of their victims&#39; and took the money out of these accounts.</p><p>The charges brought against them include grand larceny in the second degree, identity theft in the first degree and scheme to defraud in the first degree, according to a statement by the Attorney General&#39;s Office.</p><p>&quot;Identity theft must be met with tough prosecution so that businesses and consumers can know that they are being protected,&quot; Schneiderman said in a statement. &quot;Today&#39;s conviction sends a strong message. If you commit this kind of crime, you will face jail time.&quot;</p><p>In addition to targeting banks in Westchester and New York, the pair also withdrew money in Connecticut and Massachusetts.</p><p>The two men who acted as ringleaders in the identity theft scheme will be sentenced April 2. Two of the tellers who pleaded guilty have sentencing schemed in February and March, respectively, according to the Journal News.</p>Wed, 21 Jan 2015 00:00:00 -0700{C8BF3A8E-C1DC-45A1-821A-DF4BD3E1C8BE}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40030397.aspxEmail Mishap Causes Patient Data Breach in Massachusetts<p>The Massachusetts Department of Public Health is facing criticism after potentially exposing the information of thousands of patients, <a href="http://healthitsecurity.com/2015/01/20/potential-patient-privacy-violations-in-mass-emails/" target="_blank">Health IT Security reported</a>. The claims show that the department violated patient privacy protection regulations by sending emails with personal identifying information for those in the state&#39;s medical marijuana program.</p><p>The possible email data breach compromised patient personal information, including their full names and registration numbers for the program. The patients were sent emails with the subject lines that stated they were approved in the medical marijuana program.</p><p>Nicole Snow, deputy director of the Massachusetts Patient Advocacy Alliance, said since that people often check their email in public, patient information should be carefully handled.</p><p>In 2011, a health care provider in Massachusetts reported a data breach of patient information that resulted in a $1 million settlement, <a href="http://commonhealth.wbur.org/2011/02/mass-general-privacy/" target="_blank">NPR affiliate WBUR in Boston reported</a>. Massachusetts General Hospital agreed to pay the settlement to the U.S. Department of Health and Human Services after almost 200 patients with HIV/AIDs had their information lost on a public transit train.</p><p>The settlement statement revealed an employee of the MGH had documents containing protected health information, such as patient names, medical record numbers and diagnoses, on the subway. The employee accidentally walked off the subway without the documents with her and the records were not recovered.</p><p>With the debate about what constitutes a violation of privacy protection, health care organizations should review the regulations connected with the HIPAA and reassessing their procedures for patient communication.</p><p>After discovering a potential data breach, the state health department took off the patient information and revised the subject line of the email. The agency also said it will try to follow best practices when sending emails for the state&#39;s medical marijuana program.</p>Tue, 20 Jan 2015 00:00:00 -0700{0CD1FF72-3CDD-4041-8652-D5D1275DA86F}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40029976.aspxTexas Banks Confirm Retail Data Breach, Reissue Thousands of Cards<p>Local banks in Graham, Texas, were forced to send thousands of new debit cards to customers in the area after a data breach at a nearby retailer, <a href="http://www.grahamleader.com/ci_27334416/local-banks-report-large-scale-data-breach.html" target="_blank">The Graham Leader reported</a>.</p><p>First State Bank CEO Jay Gober said the bank learned about the breach Jan. 14. The breach affected about 15 percent of debit card-carrying customers. The retailer told the bank the breach potentially exposed customer information.</p><p>Gober&nbsp;said that its customers shopped at the retailer and the bank will need to send about 1,000 debit cards to consumers.</p><p>The report did not name the retailer that experienced the data breach.</p><p><strong>Banks Report Higher Costs After Breaches</strong><br />
When a retailer confirms a data breach, banks and payment service companies often take a hit in revenue. Credit unions and local banks&nbsp;are especially affected as they have fewer resources to handle credit and debit card fraud.</p><p>When the data breach at Home Depot occurred&nbsp;last year, bankers had to reissue almost 7.5 million credit and debit cards, resulting in $90 million in&nbsp;costs, <a href="http://www.icba.org/news/newsreleasedetail.cfm?ItemNumber=189537" target="_blank">according to the Independent Community Bankers of America</a>.&nbsp;</p><p>&quot;Community banks continue to absorb exorbitant costs due to data breaches, and they do so upfront because their primary concern is to protect their customers,&quot; ICBA Chairman John Buhrmaster said in a statement.</p><p>Buhrmaster said the money spent reissuing cards could have been used to lend to homeowners and small business owners. He said the organization supports shifting data breach costs from local banks and consumers to the organization that reported the breach.&nbsp;</p><p><strong>Local Graham Banks Report Rise in Fraud</strong><br />
In addition to First State Bank,&nbsp;Ciera Bank and&nbsp;Graham Savings servicing the area also issued new cards. Troy Lambden, president of Graham Savings, noted an uptick in debit card fraud activity in the beginning of 2015.</p><p>&quot;With the Target and other breaches, we had to reissue several, but debit card fraud in general has really increased just in the last few weeks,&quot; Lambden said.&nbsp;</p>Mon, 19 Jan 2015 00:00:00 -0700{DC9D3800-2AF8-478C-9A7D-5C4830AF2D1E}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40029587.aspxCyberattackers Steal Customer Data from Pet Supply Site<p>A pet supply retailer alerted customers to a data breach that could have exposed&nbsp;their personal and financial information, <a href="http://www.scmagazine.com/payment-cards-targeted-in-attack-on-pet-supplies-website/article/392821/" target="_blank">SC Magazine reported</a>.</p><p>The source said several thousands of customers&nbsp;may be affected. The company that reported the data breach, ValuePetSupplies.com, said it is uncertain whether hackers were able to access certain customers&#39; personal information but sent letters to notify them of the risk of identity theft and fraud.&nbsp;</p><p>Hackers attacked the firm&#39;s servers and installed malicious files. The files then recorded information from customers who used&nbsp;ValuePetSupplies.com.&nbsp;</p><p>The company said the breach lasted between Nov. 25 and Dec. 29, 2014. The personal information affected by the breach includes&nbsp;customer names, addresses and email addresses. In addition, hackers may have obtained payment card data, such as credit and debit card numbers and the verification codes found on the back of cards.&nbsp;</p><p><strong>Cyberattackers Target Growing Pet Industry</strong><br />
​Cyberattackers may be targeting pet food and supply retailers like the company in the breach as the pet industry continues to see significant growth.&nbsp;</p><p>Sales in the pet industry are estimated to have reached $58.51 billion in 2014, up from $55.72 billion the previous year, <a href="http://www.americanpetproducts.org/press_industrytrends.asp" target="_blank">according to the American Pet Products Association</a>. Pet supplies and over the counter medicine alone is estimated to be worth $13.72 billion in 2014.</p><p>Once ValuePetSupplies.com discovered the data breach, the pet company said it contacted IT security professionals to find and delete the malware that may have resulted in the breach, according to the company statement.&nbsp;</p><p>The company recommended customers impacted in the data breach&nbsp;to&nbsp;review their credit report and bank statements to determine if&nbsp;there is any fraudulent activity.&nbsp;</p><p>After account passwords and emails were also exposed in the breach, the letter suggested users change their password for the site as well as any other websites that used the same password.&nbsp;</p>Fri, 16 Jan 2015 00:00:00 -0700{27B8D71F-BEF8-41E5-9F31-5DF13AA13BB7}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40029189.aspxState Attorneys General Urge Greater Consumer Protections for Identity Theft, Data Breaches<p>After 2014 saw numerous data breaches&nbsp;significantly&nbsp;affect&nbsp;customers and businesses, several top state legal officials now put&nbsp;more emphasis on combating the effects of identity theft and cyberintrusions.</p><p>Identity theft is a growing problem for law enforcement authorities in states like Ohio as the number of cases rise and more consumers suffer financial losses. Ohio Attorney General Mike DeWine said identity theft soared to the top 10 list of consumer complaints in 2014 - the first time for this particular crime, <a href="http://www.dispatch.com/content/stories/business/2015/01/15/identity-theft-now-frequent-complaint-to-ohio-ag.html">The Columbus Dispatch reported</a>.&nbsp;</p><p>&quot;Ohio families work hard for their money, and we want to help ensure that they are treated fairly,&quot; DeWine&nbsp;said in a statement, according to the Dispatch. &quot;Consumer complaints also help us identify and pursue scam artists who prey on the most vulnerable among us.&quot;</p><p>In connection with the increase in identity theft complaints is the boost of tax fraud cases. Kate Hanson,&nbsp;spokeswoman at the attorney general&#39;s office, said thieves may use consumers&#39; personal information to file a tax return and steal money intended for the victim.&nbsp;</p><p><strong>New York Attorney General Proposes New Cybersecurity Law</strong><br />
In New York, the state&#39;s attorney general voiced support for stronger data security legislation that aims to protect consumers after data breaches, <a href="http://www.bloomberg.com/news/2015-01-15/n-y-attorney-general-plans-strongest-data-security-law-in-u-s-.html" target="_blank">Bloomberg reported</a>. Eric Schneiderman, attorney general of New York, said the bill would establish security procedures for how businesses store customer information.&nbsp;</p><p>The proposal comes after New York City-based firm JPMorgan Chase confirmed a data breach in 2014 that compromised 83 million accounts belonging to regular consumers and businesses, <a href="http://www.idt911.com/KnowledgeCenter/NewsAlerts/NewsAlertDetail.aspx?a={28378325-134B-4B35-B975-AA106B2837EC}" target="_blank">IDT911 reported on Oct. 6</a>.&nbsp;</p><p>Schneiderman also suggested including credentials, such as email addresses and passwords, in with the definition of private information that should be protected by corporations.</p><p>&quot;It&#39;s long past time we updated our security laws and expanded protections for consumers,&quot; Schneiderman said. &quot;Our new law will be the strongest, most comprehensive in the nation.&quot;</p>Thu, 15 Jan 2015 00:00:00 -0700{5FD88933-1D4A-4854-8B23-86BFEB3B2185}http://www.cic-idtheft.com/en/GlobalElements/KnowledgeCenter/NewsAlertItems/40028845.aspxAmerican, United Airlines Customers Have Travel Miles Stolen in Breach<p>While there are plenty of travel &quot;hacks&quot; that consumers can follow to save money, cybercriminals&nbsp;took&nbsp;it one step further and stole&nbsp;customers&#39; reward miles from their accounts, <a href="http://abcnews.go.com/Health/wireStory/airlines-targets-attempt-steal-customers-miles-28171014" target="_blank">The Associated Press reported</a>. American Airlines and United Airlines confirmed the data breach affecting thousands of customer accounts in late December.&nbsp;</p><p>The hackers managed to access about 10,000 accounts from American Airlines. The two airlines&nbsp;started contacting customers who had their accounts and personal information potentially compromised.&nbsp;</p><p>The hackers not only broke into customer accounts, they also used this access to obtain free travel services and trips. Martha Thomas, spokeswoman for American Airlines, said there were two incidents in which hackers took advantage of customers&#39; fee free trip or upgrade.&nbsp;</p><p>While hackers could try to use the reward miles themselves, Hold Security Chief Technology Officer Alex Holden said&nbsp;they could make a profit by buying a plane ticket with customers&#39; information and then sell it,&nbsp;<a href="http://www.computerworld.com/article/2868019/united-american-airlines-account-fraud-highlights-hacker-focus-on-travel-industry.html" target="_blank">Computerworld reported</a>.&nbsp;</p><p>&quot;Attacks against airline loyalty programs are very common and profitable,&quot; Holden said.</p><p>Hackers often obtain the information needed to infiltrate customers&#39; accounts through causing data breaches at travel agencies, Holden said.</p><p>However, the two airlines said their systems were not hacked directly.&nbsp;</p><p><strong>How Hackers Can Steal Customer Information</strong><br />
As a way to misuse customer information, cybercriminals&nbsp;can also steal customer credentials from other sites and try the login information to see whether they are granted permission.&nbsp;</p><p>The airlines said cybercriminals most likely took this approach to go into customer accounts, according to the AP.&nbsp;</p><p>Since weak or repeated passwords are a potential security loophole for travel sites, customers should change their passwords regularly as well as choose ones that make it hard for hackers to guess.</p><p>Airlines also look to improving their security for loyalty programs by asking security questions to verify customer identities.</p>Wed, 14 Jan 2015 00:00:00 -0700